Beyond good ol’ Run key, Part 115

September 13, 2019 in Anti-Forensics, Autostart (Persistence)

This is yet another episode of “I think I am right, but I have not tested it”. I don’t have the hardware to do it, but I do have information that suggests it should work.

It’s nearly Saturday, so we should talk about cats. And one cat in particular has a potential meaning in the persistence universe: a cougar.

The following Registry entries point to a settings.dll library. I suspect that if you have Cougar software installed, these entries exist and are utilized by the supporting software. In other words, if you point these settings to a different DLL, you may achieve man-in-the-middle persistence.

  • HKLM\SOFTWARE\Cougar\GamingDevice\250M\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\300M\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\400M\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\450K\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\450M\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\500K\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\500M\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\530M\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\550M\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\600M\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\700K\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\700M\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\AttackX3\Dll\String=setting.dll
  • HKLM\SOFTWARE\Cougar\GamingDevice\Revenger\Dll\String=setting.dll

I would appreciate it if you could test it, if you have the aforementioned software installed. Thank you.
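
For defenders, the entries above can be checked against their baseline. The following PowerShell audit is an added example, not code from the original post. It assumes each entry is a key `...\GamingDevice\<model>\Dll` holding a value named `String` whose unmodified data is `setting.dll`, and it also checks the `WOW6432Node` view in case the software is 32-bit; `Get-CougarDllAudit` is a hypothetical helper name.

```powershell
# Added example (not from the original post): audit the Dll\String values listed above.
# Assumptions: key = ...\GamingDevice\<model>\Dll, value name = "String",
# unmodified data = "setting.dll". Get-CougarDllAudit is a hypothetical helper name.
$Expected = 'setting.dll'
$Roots = @(
    'HKLM:\SOFTWARE\Cougar\GamingDevice',
    'HKLM:\SOFTWARE\WOW6432Node\Cougar\GamingDevice'  # 32-bit registry view
)

function Get-CougarDllAudit {
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($model in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $key = "$root\$($model.PSChildName)\Dll"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $data = (Get-ItemProperty -LiteralPath $key -Name 'String' -ErrorAction SilentlyContinue).String

            # Classify the value against the baseline shown in the post.
            if ([string]::IsNullOrEmpty($data)) { $status = 'MissingValue' }
            elseif ($data -ieq $Expected)       { $status = 'Baseline' }
            else                                { $status = 'Modified' }

            # If the data is a full path to an existing file, record its hash and signature state.
            $hash = $null; $sig = $null
            $isFullPath = $data -match '^(?:[A-Za-z]:\\|\\\\)'
            if ($status -eq 'Modified' -and $isFullPath -and (Test-Path -LiteralPath $data -PathType Leaf)) {
                $hash = (Get-FileHash -LiteralPath $data -Algorithm SHA256).Hash
                $sig  = (Get-AuthenticodeSignature -LiteralPath $data).Status
            }
            [pscustomobject]@{
                Model = $model.PSChildName; Key = $key; Data = $data
                Status = $status; SHA256 = $hash; Signature = $sig
            }
        }
    }
}

$audit = @(Get-CougarDllAudit)
$audit | Format-Table -AutoSize -Wrap
$audit | Where-Object Status -ne 'Baseline' |
    ForEach-Object { Write-Warning "Review $($_.Key): String='$($_.Data)'" }
```

An empty result means none of the keys exist on the host. Any row not marked `Baseline` is worth comparing against a clean install of the vendor software before drawing conclusions.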
