- Reads the registry for VMWare specific artifacts
- Reads Antivirus engine related registry keys
- Possibly checks for the presence of an Antivirus engine
- Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
- Executes WMI queries known to be used for VM detection
- Queries firmware table information (may be used to fingerprint/evade)
- Modifies auto-execute functionality by setting/creating a value in the registry
- Interacts with the primary disk partition (DR0)
- Touched instant messenger related registry keys
- Scans for artifacts that may help identify the target
- Contains ability to retrieve keyboard strokes
- Found a string that may be used as part of an injection method