LOLBAS/yml/OSBinaries/Psr.yml

23 lines
731 B
YAML

---
Name: Psr.exe
Description: Surveillance
Author: ''
Created: '2018-05-25'
Categories: []
Commands:
- Command: psr.exe /start /gui 0 /output c:\users\user\out.zip
Description: Capture screenshots of the desktop and save them in the target .ZIP file.
- Command: psr.exe /start /maxsc 100 /gui 0 /output c:\users\user\out.zip
Description: Capture a maximum of 100 screenshots of the desktop and save them in the target .ZIP file.
- Command: psr.exe /stop
Description: Stop the Problem Step Recorder.
Full Path:
- C:\Windows\System32\Psr.exe
- C:\Windows\SysWOW64\Psr.exe
Code Sample: []
Detection: []
Resources:
- https://www.sans.org/summit-archives/file/summit-archive-1493861893.pdf
Notes: 'Thanks to '