![]() ".exe" wrote bytes "e9e8b29b8b" to virtual address "0x76A14D22" wrote bytes "ff2515002500" to virtual address "0x0025000F" (part of module "WINDOWSSHELL.MANIFEST") ![]() ".exe" wrote bytes "e966c73277" to virtual address "0x00250005" (part of module "WINDOWSSHELL.MANIFEST") Reads terminal service related keys (often RDP related)Īdversaries may target user email to collect sensitive information from a target.įound a potential E-Mail address in binary/memory Remote desktop is a common feature in operating systems. Reads information about supported languagesĪdversaries may attempt to get information about running processes on a system. Opens the Kernel Security Device Driver (KsecDD) of WindowsĪdversaries may attempt to get a listing of open application windows.Īdversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand. Installs hooks/patches the running process Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.
0 Comments
Leave a Reply. |