TargetObject|contains : ' \Explorer\Browser Helper Objects\\NoExplorer'

Registry_event_asep_reg_keys_modification_wow6432node.yml
Registry_event_asep_reg_keys_modification_currentversion.yml
Registry_event_asep_reg_keys_modification.yml

Use of Program Compatibility Troubleshooter Helper

Proc_creation_win_susp_netsh_dll_persistence.yml
Description: Detects persistence via netsh helper

Malicious modifications to these Registry keys may cause Winlogon to load and execute malicious DLLs and/or executables. Registry entries in HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ and HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ are used to manage additional helper programs and functionalities that support Winlogon.

Source

Description: Winlogon.exe is a Windows component responsible for actions at logon/logoff as well as the secure attention sequence (SAS) triggered by Ctrl-Alt-Delete.

While helper.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes. The following table contains possible examples of helper.exe being misused.

Subject: CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US
C:\program files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=O=DigiCert Inc, C=US.