"CREATE TABLE IF NOT EXISTS MsiFileInfoCache (MsiDB TEXT, FileName TEXT, FileSize TEXT, Path TEXT, ProductCode TEXT, MSIDisplayName TEXT) " "CREATE TABLE IF NOT EXISTS MsiFileInfoCacheDate (MsiDB TEXT PRIMARY KEY, Time DateTime) " "CREATE TABLE IF NOT EXISTS CompanyInfoCache (TUID TEXT, CompanyName TEXT) " "CREATE TABLE IF NOT EXISTS CompanyInfoCacheDate (TUID TEXT PRIMARY KEY, Time DateTime) "
"DELETE FROM CompanyInfoCache WHERE rowid NOT IN (SELECT MIN(ROWID) FROM CompanyInfoCache GROUP BY TUID, CompanyName) " "SELECT 1 FROM CompanyInfoCache LIMIT 1 " "CREATE TABLE IF NOT EXISTS DebuggerRegistration (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, TUID TEXT) " "CREATE TABLE IF NOT EXISTS ProgramToEntriesMapping (id INTEGER PRIMARY KEY AUTOINCREMENT, TUID TEXT, UniqueID TEXT, Time DATE, Data TEXT) " "CREATE TABLE IF NOT EXISTS IgnoredPrograms (id INTEGER PRIMARY KEY AUTOINCREMENT, TUID TEXT, Time DATE) " "CREATE TABLE IF NOT EXISTS %s (id INTEGER PRIMARY KEY AUTOINCREMENT, %s TEXT, %s TEXT, Time DATE, Data TEXT) " "CREATE TABLE IF NOT EXISTS AdobeReaderPluginModifications (id INTEGER PRIMARY KEY AUTOINCREMENT, PluginID TEXT, Time DATE, Data TEXT) " "CREATE TABLE IF NOT EXISTS ActualEntryModifications (id INTEGER PRIMARY KEY AUTOINCREMENT, EntryID TEXT, Entr圜ategory TEXT, Time DATE, Data TEXT) " "CREATE TABLE IF NOT EXISTS ExeFiles (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, TUID TEXT, Path TEXT, AnalyzeTime DATE, Data TEXT) " "CREATE TABLE IF NOT EXISTS ActualProgramModifications (id INTEGER PRIMARY KEY AUTOINCREMENT, ProgID TEXT, Time DATE, Data TEXT) " Possibly checks for the presence of an Antivirus engine The input sample is signed with a certificateĪdversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on the system. Process injection is a method of executing arbitrary code in the address space of a separate live process.Ĭode signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with.
Windows Management Instrumentation (WMI) is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components.įound a reference to a WMI query string known to be used for VM detection
0 kommentar(er)
