mirror of
https://github.com/gnh1201/welsonjs.git
synced 2024-11-26 15:31:42 +00:00
Updated File Event Monitor (markdown)
parent
881a201f19
commit
f523ffd329
|
@ -26,6 +26,19 @@ function onRegistryModified(args) {
|
|||
}
|
||||
```
|
||||
|
||||
Once all implementations and configurations are complete, you should see the following console message:
|
||||
|
||||
```
|
||||
2024-09-10 오후 2:22:08: > Detected the registry modification: HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2045960190-3833789326-3828594115-1001\\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
||||
2024-09-10 오후 2:22:08: onRegistryModified recevied. -, 5796, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, SetValue, HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2045960190-3833789326-3828594115-1001\\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
||||
2024-09-10 오후 2:22:14: > Detected the network connection: udp://fe80:0:0:0:faa7:67af:298e:fb1d:5353
|
||||
2024-09-10 오후 2:22:14: onNetworkConnected recevied. technique_id=T1571,technique_name=Non-Standard Port, 1996, C:\Windows\System32\svchost.exe, udp://fe80:0:0:0:faa7:67af:298e:fb1d:5353
|
||||
2024-09-10 오후 2:22:14: > Detected the network connection: udp://fe80:0:0:0:faa7:67af:298e:fb1d:5353
|
||||
2024-09-10 오후 2:22:14: onNetworkConnected recevied. technique_id=T1571,technique_name=Non-Standard Port, 33248, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, udp://fe80:0:0:0:faa7:67af:298e:fb1d:5353
|
||||
```
|
||||
|
||||
|
||||
|
||||
### For System Administrators or Security Analysts
|
||||
|
||||
#### MITRE ATT&CK (MITRE attack)
|
||||
|
|
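Review bot: The sample console output in the new fenced block publishes what looks like a real account SID (the `S-1-5-21-…-1001` component of the `bam\State\UserSettings` registry path) and a host's link-local IPv6 address; replace both with obvious placeholders before this lands on a public wiki page. In the same block, the `onNetworkConnected` lines tag traffic to UDP port 5353 as `technique_name=Non-Standard Port`, yet 5353 is the standard mDNS port, so add a sentence telling readers this match is expected noise and not a finding. The endpoint is printed as `udp://fe80:0:0:0:faa7:67af:298e:fb1d:5353` with no brackets around the address, which leaves the port indistinguishable from the last address group; note that in the text if the output format cannot change. The timestamps carry a locale-specific AM/PM marker (`오후`), so it is worth saying that the format follows the system locale. `recevied` is misspelled in the handler lines; if that is the program's literal output, fix the string in the source and then update this sample to match.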