https://x7peeps.com/tags/AmCache/index.htmlHugozh-CNMon, 22 Jun 2026 14:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E9%87%8D%E7%82%B9%E7%9B%AE%E5%BD%95%E5%BC%82%E5%B8%B8%E6%96%87%E4%BB%B6%E4%B8%8E%E8%90%BD%E5%9C%B0%E8%BD%BD%E8%8D%B7%E5%85%B3%E8%81%94%E5%88%86%E6%9E%90/index.htmlTue, 16 Jun 2026 15:05:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/%E9%87%8D%E7%82%B9%E7%9B%AE%E5%BD%95%E5%BC%82%E5%B8%B8%E6%96%87%E4%BB%B6%E4%B8%8E%E8%90%BD%E5%9C%B0%E8%BD%BD%E8%8D%B7%E5%85%B3%E8%81%94%E5%88%86%E6%9E%90/index.html围绕临时目录、下载目录、Prefetch、Recent、Amcache 等重点目录结果，分析异常文件是工具投放、载荷落地、中间产物还是清痕残留。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/Recent%E4%B8%8EPrefetch%E5%92%8CAmcache%E6%89%A7%E8%A1%8C%E7%97%95%E8%BF%B9%E4%BA%A4%E5%8F%89%E5%88%86%E6%9E%90/index.htmlTue, 16 Jun 2026 16:10:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/Recent%E4%B8%8EPrefetch%E5%92%8CAmcache%E6%89%A7%E8%A1%8C%E7%97%95%E8%BF%B9%E4%BA%A4%E5%8F%89%E5%88%86%E6%9E%90/index.html围绕 Recent、LNK、Prefetch、Amcache 等执行痕迹，分析程序是仅存在、被用户点击，还是已经真实执行，并给出交叉印证方法。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/Windows%E6%B3%A8%E5%86%8C%E8%A1%A8%E5%8F%96%E8%AF%81%E6%B7%B1%E5%BA%A6%E5%88%86%E6%9E%90%E4%B8%8E%E5%85%A5%E4%BE%B5%E7%97%95%E8%BF%B9%E8%AF%86%E5%88%AB/index.htmlMon, 22 Jun 2026 14:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/0x03%E5%8F%96%E8%AF%81%E5%88%86%E6%9E%90/Windows%E6%B3%A8%E5%86%8C%E8%A1%A8%E5%8F%96%E8%AF%81%E6%B7%B1%E5%BA%A6%E5%88%86%E6%9E%90%E4%B8%8E%E5%85%A5%E4%BE%B5%E7%97%95%E8%BF%B9%E8%AF%86%E5%88%AB/index.html围绕 Windows 注册表的 Hive 结构、事务日志、关键取证 Artifacts，分析攻击者如何利用注册表实现持久化、执行、用户活动追踪，以及如何从注册表中恢复被删除的证据。