Our observed CGO

C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\system32\svchost.exe -k netsvcs
C:\\Program Files (x86)\\Veeam\\Backup Transport\\VeeamTransportSvc.exe\""

 

All trying to modify a specific reg key:

 

"key_name": "bcd00000000\\objects\\{d80ed0e8-d6da-11e7-b27f-ab3a45175c5d}\\elements\\25000080"

"value": "base64: AgAAAAAAAAA="

AgAAAAAAAA= it's a NULL sledge, effectively impeding the boot in safe mode.
(valid values are: 0 = Minimal, 1 = Network, 2 = DsRepair)
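
For triage of events like the ones quoted above, this added example (not part of the original post, and not any vendor's code) filters registry-write events for the `elements\25000080` key, decodes the `base64:` value as a little-endian integer, and maps it to the modes listed in the post. The `process` field name and the sample events are constructed assumptions; `key_name` and `value` follow the post.

```python
import base64
import json
import re

# Key pattern and mode names are taken from the post: <BCD object GUID>\elements\25000080.
SAFEBOOT_KEY = re.compile(r"\\objects\\\{[0-9a-f-]+\}\\elements\\25000080$", re.I)
SAFEBOOT_MODES = {0: "Minimal", 1: "Network", 2: "DsRepair"}

def decode_value(value):
    """Decode a 'base64: ...' value into (raw bytes, little-endian integer)."""
    raw = base64.b64decode(value.split(":", 1)[1].strip(), validate=True)
    return raw, int.from_bytes(raw, "little")

def triage(event_lines):
    """Return one finding per registry write that touches the 25000080 element."""
    findings = []
    for line in event_lines:
        event = json.loads(line)
        if not SAFEBOOT_KEY.search(event.get("key_name", "")):
            continue
        try:
            raw, number = decode_value(event["value"])
        except (KeyError, IndexError, ValueError):
            raw, number = b"", None  # keep the hit even if the value is unreadable
        findings.append({
            "process": event.get("process"),  # assumed field name
            "raw_hex": raw.hex(),
            "number": number,
            "mode": SAFEBOOT_MODES.get(number, "unknown"),
        })
    return findings

# Constructed sample events (one JSON object per line); not real telemetry.
KEY = r"bcd00000000\objects\{d80ed0e8-d6da-11e7-b27f-ab3a45175c5d}\elements\25000080"
SAMPLE_EVENTS = [
    json.dumps({"process": r"C:\Windows\system32\svchost.exe -k netsvcs",
                "key_name": KEY, "value": "base64: AgAAAAAAAAA="}),
    json.dumps({"process": r"C:\Windows\system32\svchost.exe -k netsvcs",
                "key_name": r"software\example\setting", "value": "base64: AAAA"}),
    json.dumps({"process": "constructed.exe", "key_name": KEY, "value": "not-base64"}),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```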