F022 Inconclusive validator: blocked
PsExec service registered in registry (PSEXESVC)
registry:hklm/system/controlset001/services/psexesvc/imagepath
Analyst narrative
PsExec service (PSEXESVC) detected in the registry persistence layer (HKLM\System\ControlSet001\Services\PSEXESVC\ImagePath). This indicates installation of a remote execution capability for lateral movement.
Claims asserted
service: PSEXESVC
Proof chain · 0 facts
Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.
Source tools
parse_registry_persistence