Reg.exe Manipulating Windows Services Registry Keys
The search looks for reg.exe modifying registry keys that define Windows services and their configurations.
Reg.exe Manipulating Windows Services Registry Keys Help
This search looks for modifications by reg.exe to registry paths that specify the definition and configuration of Windows services. Reg.exe is a Windows utility that allows for manipulation of the registry via the command line. Malware often uses the Windows services architecture to persist, hide in plain sight, and gain the ability to interact with the Windows kernel. While it is common to modify the configuration of Windows services (and new services may be created with software installs), the use of reg.exe to create or modify a service configuration is unusual and is a technique commonly used by attackers. The search returns the count, the first time the activity was seen, the last time the activity was seen, the registry path that was modified, the host where the modification took place, and the user that performed the modification.
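The logic described above, sketched in Python as an added example (it is not the search shipped with this content): it keeps registry modifications made by reg.exe under the services key and returns the count, first time, last time, registry path, host, and user for each group. The event field names, the sample events, and the `HKLM\SYSTEM\...\Services\` path pattern are assumptions made for illustration.

```python
import re

# Assumption: service definitions sit under the Services key of a control set.
SERVICES_KEY = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\SYSTEM\\"
    r"(?:CurrentControlSet|ControlSet\d{3})\\Services\\", re.IGNORECASE)

# Constructed sample events with hypothetical field names (not real telemetry).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:05:40Z", "host": "ws-014", "user": "CORP\\jdoe",
     "process": "C:\\Windows\\System32\\REG.EXE",
     "path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleSvc\\ImagePath"},
    {"time": "2024-05-01T10:02:11Z", "host": "ws-014", "user": "CORP\\jdoe",
     "process": "C:\\Windows\\System32\\reg.exe",
     "path": "HKLM\\System\\CurrentControlSet\\Services\\ExampleSvc\\ImagePath"},
    # Service change made by the service control manager: not reg.exe, ignored.
    {"time": "2024-05-01T11:00:00Z", "host": "ws-014", "user": "NT AUTHORITY\\SYSTEM",
     "process": "C:\\Windows\\System32\\services.exe",
     "path": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleSvc\\Start"},
    # reg.exe writing outside the Services key: ignored.
    {"time": "2024-05-01T12:00:00Z", "host": "ws-014", "user": "CORP\\jdoe",
     "process": "C:\\Windows\\System32\\reg.exe",
     "path": "HKCU\\Software\\ExampleApp\\Theme"},
    {"time": "2024-05-02T08:30:00Z", "host": "srv-db-02", "user": "CORP\\svc_deploy",
     "process": "C:\\Windows\\System32\\reg.exe",
     "path": "HKLM\\SYSTEM\\ControlSet001\\Services\\OtherSvc\\Start"},
]

def is_reg_exe(process):
    """Match on the image file name only, case-insensitively."""
    return process.replace("/", "\\").rsplit("\\", 1)[-1].lower() == "reg.exe"

def summarize(events):
    """Group matching events by host, user and registry path."""
    rows = {}
    for ev in events:
        if not (is_reg_exe(ev["process"]) and SERVICES_KEY.match(ev["path"])):
            continue
        key = (ev["host"].lower(), ev["user"].lower(), ev["path"].lower())
        row = rows.setdefault(key, {"count": 0, "first_time": ev["time"],
                                    "last_time": ev["time"], "path": ev["path"],
                                    "host": ev["host"], "user": ev["user"]})
        row["count"] += 1
        # Same-format UTC ISO 8601 strings sort chronologically as text.
        row["first_time"] = min(row["first_time"], ev["time"])
        row["last_time"] = max(row["last_time"], ev["time"])
    return sorted(rows.values(), key=lambda r: r["first_time"])

if __name__ == "__main__":
    for r in summarize(SAMPLE_EVENTS):
        print(r)
```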