Closed ION28 closed 4 years ago
https://attack.mitre.org/techniques/T1122/
{USERS + HKLM} \Software\Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32, LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSynced
(locations of CLSIDs)
https://www.gdatasoftware.com/blog/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence