-
Notifications
You must be signed in to change notification settings - Fork 32
/
help
5 lines (5 loc) · 1.28 KB
/
help
1
2
3
4
5
"Name","Risk","Source","Technique","Meta"
"Potential App Path Hijacking - Executable Name does not match Registry Key","Medium","Registry","T1546: Event Triggered Execution","Key Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAG.EXE, Entry Name: (default), Entry Value: C:\Program Files\Internet Explorer\IEDIAGCMD.EXE"
"Potential App Path Hijacking - Executable Name does not match Registry Key","Medium","Registry","T1546: Event Triggered Execution","Key Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mplayer2.exe, Entry Name: (default), Entry Value: C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
"Potential App Path Hijacking - Executable Name does not match Registry Key","Medium","Registry","T1546: Event Triggered Execution","Key Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pbrush.exe, Entry Name: (default), Entry Value: C:\Windows\System32\mspaint.exe"
"Potential App Path Hijacking - Executable Name does not match Registry Key","Medium","Registry","T1546: Event Triggered Execution","Key Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WRITE.EXE, Entry Name: (default), Entry Value: ""C:\Program Files\Windows NT\Accessories\WORDPAD.EXE"""