==================================================

CREATED: WIN-REG-CRED-EXPORT (#1760)

Description

This detector identifies instances of the Windows Registry Console Tool (reg.exe) exporting Windows Registry hives containing credentials. Adversaries use this technique to export secrets to disk for offline access. 

ATT&CK Technique T1003
