HowTo: Determine Program Execution
Tags
attack-pattern: Data Direct Indirect Malware - T1587.001 Malware - T1588.001 Mmc - T1218.014 Python - T1059.006 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Windows Service - T1543.003 Vulnerabilities - T1588.006 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID 69c34c9a-b0fe-4e5c-8fcc-03ccc135e025
Fingerprint 315c885a05d725c9
Analysis status DONE
Considered CTI value 0
Text language
Published July 6, 2013, 10:40 a.m.
Added to db Jan. 19, 2023, 12:07 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Windows Incident Response
Title HowTo: Determine Program Execution
Detected Hints/Tags/Attributes 53/1/31
Source URLs
Redirection Url
Details Source http://windowsir.blogspot.com/2013/07/howto-determine-program-execution.html
URL Provider
Details Provider Source level domain
Details blogspot.com windowsir.blogspot.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
jobparse.pl
Details Domain 2 
userassist.pl
Details Domain 1 
runmru.pl
Details Domain 1 
appcompatflags.pl
Details Domain 1 
idxparse.pl
Details Domain 1 
pref.pl
Details Domain 1 
appcompatcache.pl
Details Domain 1 
legacy.pl
Details Domain 1 
direct.pl
Details Domain 1 
tracing.pl
Details Domain 1 
evtxparse.pl
Details File 249 
schtasks.exe
Details File 30 
at.exe
Details File 1 
jobparse.pl
Details File 2 
userassist.pl
Details File 2 
userassist_tln.pl
Details File 1 
runmru.pl
Details File 193 
ntuser.dat
Details File 1 
appcompatflags.pl
Details File 28 
usrclass.dat
Details File 1 
idxparse.pl
Details File 1 
pref.pl
Details File 1 
appcompatcache.pl
Details File 1 
appcompatcache_tln.pl
Details File 1 
legacy.pl
Details File 263 
iexplore.exe
Details File 1 
dvdmaker.exe
Details File 54 
mmc.exe
Details File 1 
direct.pl
Details File 1 
tracing.pl
Details File 1 
evtxparse.pl