AppCert DLLs Registry Modification
Dynamic-link libraries (DLLs) specified in the AppCertDLLs value under the Session Manager Registry key can be abused for persistence and privilege escalation: a malicious DLL listed there is loaded and run in the context of separate processes on the computer.
id: 14f90406-10a0-4d36-a672-31cabe149f2f
categories: enrich
confidence: low
os: windows
created: 7/26/2019
updated: 7/26/2019
Query
registry where registry_path == "*\\System\\ControlSet*\\Control\\Session Manager\\AppCertDLLs\\*"
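
An added example (not part of the original analytic) that replays the query's wildcard over constructed registry events, to show which path forms it flags. It assumes case-insensitive `*` matching; the `event_type` field name and every sample path are assumptions made for illustration.

```python
import re

# The page's query pattern after EQL string unescaping ("\\" -> "\").
PATTERN = r"*\System\ControlSet*\Control\Session Manager\AppCertDLLs\*"


def wildcard_to_regex(pattern):
    """Turn a '*' wildcard pattern into an anchored regex.

    Assumption: the comparison is case-insensitive and '*' matches any run
    of characters, including none.
    """
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile("^" + ".*".join(literal_parts) + "$", re.IGNORECASE | re.DOTALL)


APPCERT_RE = wildcard_to_regex(PATTERN)


def matches(event):
    """Return True when a registry event satisfies the page's query."""
    if event.get("event_type") != "registry":
        return False
    return APPCERT_RE.match(event.get("registry_path", "")) is not None


# Constructed sample events. "event_type" is an assumed field name.
SM = r"\Control\Session Manager"
SAMPLE_EVENTS = [
    {"event_type": "registry", "registry_path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001" + SM + r"\AppCertDLLs\Default"},
    {"event_type": "registry", "registry_path": r"\registry\machine\system\controlset002" + SM.lower() + r"\appcertdlls\x"},
    # Alias form: "CurrentControlSet" does not begin with "ControlSet".
    {"event_type": "registry", "registry_path": r"HKLM\System\CurrentControlSet" + SM + r"\AppCertDLLs\Default"},
    # Event on the key itself: no trailing "\<value>" component.
    {"event_type": "registry", "registry_path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001" + SM + r"\AppCertDLLs"},
    # Unrelated Session Manager subkey.
    {"event_type": "registry", "registry_path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001" + SM + r"\Environment\Path"},
]


def triage(events):
    """Return the registry paths that the query would flag."""
    return [e["registry_path"] for e in events if matches(e)]


if __name__ == "__main__":
    for path in triage(SAMPLE_EVENTS):
        print("MATCH", path)
```

Only the two numbered-control-set value paths match. If a telemetry source reports the `CurrentControlSet` alias instead of `ControlSetNNN`, the pattern needs an alternative that covers it.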