mirror of
https://github.com/Aryma-f4/Ares-mythic.git
synced 2026-06-12 22:54:11 +00:00
This commit renames the Apollo payload type to Ares, moving all associated files and updating documentation accordingly. The change includes:
- Renaming directories from `apollo` to `ares`
- Updating documentation image references
- Maintaining the same code functionality while changing the payload name
- Adding new Ares-specific documentation files
- Removing old Apollo documentation files

The rename is done to reflect the new payload name while preserving all existing functionality.
40 lines
634 B
Markdown
+++
title = "reg_query"
chapter = false
weight = 103
hidden = false
+++

{{% notice info %}}
Artifacts Generated: Registry Read
{{% /notice %}}

## Summary
Query subkeys of a specified registry key.

### Arguments

![args](../images/reg_query.png)

#### Hive
The registry key to retrieve subkeys for. This must be in the format of `HKLM:\SYSTEM\Setup`, where `HKLM` can be any of the following values:

- HKLM
- HKCU
- HKU
- HKCR
- HKCC

#### Key (optional)
Registry key to query within the hive.

## Usage
```
reg_query -Hive HKLM -Key System\\Setup
```

![ret](../images/reg_query_resp.png)

## MITRE ATT&CK Mapping

- T1012
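
The Hive description (`HKLM:\SYSTEM\Setup`) and the usage line (`-Hive HKLM -Key System\\Setup`) name the same key in two forms. The following added example, which is not part of the Ares code base, normalizes both into one canonical path so that tasking records can be compared against registry-access audit data; the function names and sample inputs are constructed for illustration.

```python
import re

# Hive abbreviations listed on this page, mapped to the standard Windows root key names.
HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKU": "HKEY_USERS",
    "HKCR": "HKEY_CLASSES_ROOT",
    "HKCC": "HKEY_CURRENT_CONFIG",
}


def normalize_reg_path(hive, key=""):
    """Return (root_key_name, subkey) for either documented argument form.

    Accepts 'HKLM:\\SYSTEM\\Setup' passed as `hive` alone, or hive='HKLM'
    with a separate `key`. Raises ValueError for a hive not in HIVES.
    """
    prefix, _, inline_path = hive.strip().partition(":")
    root = HIVES.get(prefix.strip().upper())
    if root is None:
        raise ValueError(f"unsupported hive: {prefix!r}")
    # Join the inline path and the optional key, then collapse repeated
    # backslashes (the usage line shows an escaped 'System\\Setup').
    # Only backslash is treated as a separator; '/' is legal in key names.
    parts = [p for p in re.split(r"\\+", inline_path + "\\" + key) if p]
    return root, "\\".join(parts)


def canonical(hive, key=""):
    """Single upper-cased path for case-insensitive comparison of key names."""
    root, subkey = normalize_reg_path(hive, key)
    return (root + "\\" + subkey if subkey else root).upper()


if __name__ == "__main__":
    # Constructed sample inputs covering both forms shown on this page.
    samples = [(r"HKLM:\SYSTEM\Setup", ""), ("HKLM", r"System\\Setup"), ("hkcu", "")]
    for hive, key in samples:
        print(f"{hive!r:24} {key!r:18} -> {canonical(hive, key)}")
```
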