Potential IP "1.3.0.5" found in string "\par Ashampoo BurnYa DataCD 1.3.0.5" Potential IP "4.4.0.5" found in string "\par Ashampoo CD Recording Suite 4.4.0.5" Potential IP "1.1.0.9" found in string "\par Ashampoo PowerUp XP Platinum 1.1.0.9" Potential IP "2.0.0.0" found in string "\par AweVBank 98 RV 2.0.0.0 : Key: xu98NnOFuW0D-&Z%jMAHaPtb%7YVH1ohaCYwh-&7cnwbFTjfEzlGSxCzINNftj-xZihb3ZIl0duX82QexsdivKo-2TDK&UvO3kHH" Removes Office resiliency keys (often used to avoid problems opening documents)Īdversaries may attempt to get a listing of open application windows.Īdversaries may target user email to collect sensitive information from a target.įound a potential E-Mail address in binary/memory Microsoft Office is a fairly common application suite on Windows-based operating systems within an enterprise network.Ĭontains embedded VBA macros with keywords that indicate auto-execute behaviorĬontains embedded VBA macros (normalized)Īdversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in Persistence and Execution. Installs hooks/patches the running process
Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.
An adversary may rely upon specific actions by a user in order to gain execution.Ĭontains embedded VBA macros with interesting stringsĬontains embedded VBA macros with suspicious keywords
0 kommentar(er)
