LOLBAS/yml/LOLUtilz/OSBinaries/Psr.yml

23 lines
731 B
YAML
Raw Normal View History

2018-06-09 00:15:06 +02:00
---
Name: Psr.exe
Description: Surveillance
Author: ''
Created: '2018-05-25'
Categories: []
Commands:
- Command: psr.exe /start /gui 0 /output c:\users\user\out.zip
Description: Capture screenshots of the desktop and save them in the target .ZIP file.
- Command: psr.exe /start /maxsc 100 /gui 0 /output c:\users\user\out.zip
Description: Capture a maximum of 100 screenshots of the desktop and save them in the target .ZIP file.
- Command: psr.exe /stop
Description: Stop the Problem Step Recorder.
Full_Path:
2018-06-09 00:15:06 +02:00
- C:\Windows\System32\Psr.exe
- C:\Windows\SysWOW64\Psr.exe
Code_Sample: []
2018-06-09 00:15:06 +02:00
Detection: []
Resources:
- https://www.sans.org/summit-archives/file/summit-archive-1493861893.pdf
Notes: 'Thanks to '