# generated using capa explorer for IDA Pro
rule:
meta:
name: query or enumerate registry value via StdRegProv
namespace: host-interaction/registry
authors:
- michael.hunhoff@mandiant.com
scopes:
static: function
dynamic: thread
references:
- https://docs.microsoft.com/en-us/previous-versions/windows/desktop/regprov/stdregprov#methods
features:
- and:
- string: "StdRegProv"
- or:
- string: "EnumValues"
- string: "GetBinaryValue"
- string: "GetDWORDValue"
- string: "GetExpandedStringValue"
- string: "GetMultiStringValue"
- string: "GetQWORDValue"
- string: "GetStringValue"
last edited: 2023-11-24 10:34:28