Windows Incident Response : Windows 11
Tags
attack-pattern: Data File Deletion - T1070.004 File Deletion - T1630.002 Hardware - T1592.001 Local Groups - T1069.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 File Deletion - T1107 Powershell - T1086 Windows Management Instrumentation - T1047
Show in Graph
Common Information
Type Value
UUID 412647a9-e309-4724-9bdd-3cfe73cfad3c
Fingerprint b41eccf621272680
Analysis status DONE
Considered CTI value 0
Text language
Published March 1, 2023, 11:50 a.m.
Added to db March 1, 2023, 1:23 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Windows Incident Response : Windows 11
Title Windows Incident Response : Windows 11
Detected Hints/Tags/Attributes 77/1/28
Source URLs
Redirection Url
Details Source https://medium.com/@reotmani/windows-incident-response-windows-11-56129163b40d?source=rss------cybersecurity-5
URL Provider
Details Provider Source level domain
Details medium.com medium.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 20 
www.hackingarticles.in
Details Domain 219 
gist.github.com
Details File 119 
smss.exe
Details File 165 
csrss.exe
Details File 212 
winlogon.exe
Details File 89 
wininit.exe
Details File 31 
lsm.exe
Details File 306 
services.exe
Details File 478 
lsass.exe
Details File 1122 
svchost.exe
Details File 62 
taskhost.exe
Details File 1260 
explorer.exe
Details File 117 
taskmgr.exe
Details File 39 
anydesk.exe
Details Github username 1 
romelsan
Details md5 1 
9ebef17aa9aa061d6b32e2e250181942
Details IPv4 1 
192.168.205.133
Details Url 1 
https://www.hackingarticles.in/incident-response-windows-cheatsheet
Details Url 1 
https://gist.github.com/romelsan/9ebef17aa9aa061d6b32e2e250181942
Details Windows Registry Key 41 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 3 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Details Windows Registry Key 33 
HKLM\SYSTEM\CurrentControlSet\Services
Details Windows Registry Key 164 
HKLM\SOFTWARE\Microsoft\Windows
Details Windows Registry Key 188 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 44 
HKLM\SOFTWARE\Policies\Microsoft\Windows
Details Windows Registry Key 98 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Details Windows Registry Key 19 
HKLM\SYSTEM\CurrentControlSet\Control\Session
Details Windows Registry Key 1 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User