Process monitor registry changes
5/30/2023

The program has a great GUI that allows you to quickly see (and disable) autorunning entries, send file hashes for analysis, and run before-and-after comparisons. New attack vectors find their way into Autoruns pretty quickly. Not only is it hosted by Microsoft, but it was created by the legendary Mark Russinovich and frequently updated by him and his team. Some people prefer a similar script called Silent Runners.vbs, but I prefer Autoruns.

Covering 19 different registry key sections, Autoruns is pretty thorough. If you review the registry keys that Autoruns inspects, you’ll have one of the most complete lists of the registry keys that malware likes to manipulate.