t1012

Title | Tags
discord
dumping hives for a legitimate purpose, i.e. backup or forensic investigation
false positives will be present based on many factors. tune the correlation as needed to reduce too many triggers.
legitimate export of keys
a network administrator can use this command tool to back up the registry before updates or before modifying critical registries.
the lookup file `browser_app_list` may not contain all the browser applications that are allowed to access the browser user data profiles. consider updating the lookup files to add allowed object paths for the browser applications that are not included in the lookup file.
an uninstall application may access this registry to remove the entry of the target application. a filter is needed.
an uninstall chrome application may access this file and folder path to remove the chrome installation on the target host. a filter is needed.
an uninstall chrome browser extension application may access this file and folder path to remove the chrome installation on the target host. a filter is needed.
unlikely