Registry
Flag: when I have time, write a PoC or explain the exploitation method for each entry.
| Registry key |
| --- |
| `HKCU\Environment\UserInitMprLogonScript` |
| `HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers` |
| `HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers` |
| `HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers` |
| `HKCU\Software\Classes\Directory\Shellex\DragDropHandlers` |
| `HKCU\Software\Classes\Drive\ShellEx\ContextMenuHandlers` |
| `HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run` |
| `HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon` |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell` |
| `HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce` |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx` |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices` |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce` |
| `HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows` |
| `HKCU\Software\Policies\Microsoft\Windows\System\Scripts` |
| `HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run` |
| `HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers` |
| `HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance` |
| `HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance` |
| `HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers` |
| `HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers` |
| `HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers` |
| `HKLM\Software\Classes\Directory\Shellex\DragDropHandlers` |
| `HKLM\Software\Classes\Filter` |
| `HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers` |
| `HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers` |
| `HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components` |
| `HKLM\Software\Microsoft\Rpc\Extensions` |
| `HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32` |
| `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers` |
| `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon` |
| `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler` |
| `HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers` |
| `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects` |
| `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` |
| `HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce` |
| `HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx` |
| `HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices` |
| `HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce` |
| `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad` |
| `HKLM\Software\Policies\Microsoft\Windows\System\Scripts` |
| `HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers` |
| `HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers` |
| `HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance` |
| `HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance` |
| `HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers` |
| `HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers` |
| `HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers` |
| `HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers` |
| `HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers` |
| `HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers` |
| `HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components` |
| `HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32` |
| `HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler` |
| `HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers` |
| `HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects` |
| `HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run` |
| `HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad` |
| `HKLM\System\CurrentControlSet\Control\Lsa\` |
| `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages` |
| `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages` |
| `HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors` |
| `HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors` |
| `HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls` |
| `HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\` |
| `HKLM\System\CurrentControlSet\Services` |
| `HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries` |
| `HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64` |
| `HKU\*\software\microsoft\windows\currentversion\explorer\user shell folders\startup` |