Registry
From AlphaBook
Run at Startup
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
- Value Name: WindowsDefender
- Type: String Value (REG_SZ)
- Value Data: "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
Services
- Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
- Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services
- Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services