unSafe.sh - Not Safe
Beyond good ol’ Run key, Part 136
January 18, 2022 in Autostart (Persistence),...
2022-1-19 03:23:9 | Reads: 22
www.hexacorn.com
winword
wwlibt
powerpoint
software
microsoft
Yara Carpet Bomber
January 16, 2022 in Yara sigs...
2022-1-16 23:50:25 | Reads: 24
www.hexacorn.com
eng
yar
slowing
windows
x00p
ms-cxh and ms-cxh-full handlers
January 16, 2022 in Archaeology, Uncategoriz...
2022-1-16 18:46:58 | Reads: 617
www.hexacorn.com
cxh
frx
dialog
windows
moset
Windows Installation animation
January 16, 2022 in Archaeology, Windows 10,...
2022-1-16 18:4:24 | Reads: 46
www.hexacorn.com
windows
animation
oobe
Beyond good ol’ Run key, Part 135
January 16, 2022 in Autostart (Persistence)...
2022-1-16 17:50:49 | Reads: 31
www.hexacorn.com
windows
oobe
yesterday
exewinsetup
Putting .inf files and NSRL database to a better use
When you look at a large repository of clean files there is always an opportunity to fin...
2021-12-26 07:8:41 | Reads: 31
www.hexacorn.com
software
nsrl
productcode
clusters
Mapping Chrome extension IDs to their names
December 24, 2021 in Chrome, Forensic Analys...
2021-12-25 07:35:1 | Reads: 30
www.hexacorn.com
chrome
analysis
weird
coined
Dexray v2.31
November 11, 2021 in DeXRAY, Sof...
2021-11-12 07:17:15 | Reads: 38
www.hexacorn.com
dexray
simpo13
software
defender
download
Trololololobin and other lolololocoasters
2021-10-09 15:44:16 | Reads: 28
www.hexacorn.com
Wine tasting, again
July 10, 2021 in Anti-*...
2021-07-11 01:51:33 | Reads: 144
www.hexacorn.com
wine
dbg
windows
fdntdll
drivergdi32
KillBit legacy – in search for ActiveX Lolbins
2021-06-12 07:07:06 | Reads: 146
www.hexacorn.com
download
software
ocx
facilitate
falsex
Shopping for LOLbins
June 10, 2021 in Archaeology, Living off the...
2021-06-11 07:13:59 | Reads: 170
www.hexacorn.com
photoshop
windows
progid
illustrator
A story about Procmon (no, not that one – its misbehaving client)
May 26, 2021 in Archaeology...
2021-05-27 07:49:12 | Reads: 130
www.hexacorn.com
procmon
crash
client
network
anyway
Excellent Conversions (and downloads)
May 23, 2021 in Archaeology, Living off the...
2021-05-24 07:19:26 | Reads: 165
www.hexacorn.com
xlsx
excelcnv
oice
ods
bcs
BYOT – Bring Your Own Telemetry
May 20, 2021 in LOLBins...
2021-05-21 06:33:59 | Reads: 210
www.hexacorn.com
windows
syswow64
appraiser
loaded
Beyond good ol’ Run key, Part 134
May 3, 2021 in Archaeology, Autostart (Persi...
2021-05-04 04:19:55 | Reads: 205
www.hexacorn.com
photoshop
dropping
historical
imageready
Non-debugging uses of CDB
May 3, 2021 in Forensic Analysis, Living off...
2021-05-03 21:25:16 | Reads: 197
www.hexacorn.com
debugger
aedebug
comspec
iaec
iae
Debug Environment Variable are \o/
May 3, 2021 in Autostart (Persistence), Livi...
2021-05-03 20:56:06 | Reads: 174
www.hexacorn.com
windbg
proxy
malicious
autostart
moreso
SleepStudy logs
May 3, 2021 in Forensic Analy...
2021-05-03 20:09:25 | Reads: 202
www.hexacorn.com
windows
yyyy
sleepstudy
etl
hh
Cur\o/bin
May 2, 2021 in Living off the land,...
2021-05-02 22:53:11 | Reads: 233
www.hexacorn.com
copying
cooler
timestamps
surgical
procmon