Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Response: Why are there extra characters at the end of reg_sz registry values when viewed through CB Live Response?

CB Response: Why are there extra characters at the end of reg_sz registry values when viewed through CB Live Response?

Environment

  • CB Response Server: 6.2.4 and Higher
  • CB Live Response

Question

Why are there extra characters at the end of reg_sz (string) registry values when viewed through CB Live Response?

Answer

When viewing registry keys through a 'Go Live' CB Live Response session, reg_sz (string) values will have a comma separated numerical value at the end, which represents the number of characters in that field.

Additional Notes

These numerical values are added to show that there may be spaces or non-printable characters in fields unexpectedly.

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
207
Contributors