500704000x80000000000000003726Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Features\Controls\48 = 0x1 500704000x80000000000000003674Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Features\Controls\48 = 0x1 500704000x80000000000000003610Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Features\Controls\48 = 0x1 500704000x80000000000000003418Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReporting = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReporting = 0x0 500704000x80000000000000003242Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009Default\ProductAppDataPath = C:\ProgramData\Microsoft\Windows DefenderHKLM\SOFTWARE\Microsoft\Windows Defender\ProductAppDataPath = C:\ProgramData\Microsoft\Windows Defender 500704000x80000000000000003209Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\ServiceStartStates = 0x1Default\ServiceStartStates = 0x0 500704000x80000000000000003208Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009Default\ServiceStartStates = 0x0HKLM\SOFTWARE\Microsoft\Windows Defender\ServiceStartStates = 0x1 500704000x80000000000000003207Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009Default\IsServiceRunning = 0x0HKLM\SOFTWARE\Microsoft\Windows Defender\IsServiceRunning = 0x1 500704000x80000000000000003150Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Features\Controls\48 = 0x1 500704000x80000000000000003050Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 = 0x2 500704000x80000000000000003049Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5BEB7EFE-FD9A-4556-801D-275E5FFC04CC = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5BEB7EFE-FD9A-4556-801D-275E5FFC04CC = 0x2 500704000x80000000000000003048Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D4F940AB-401B-4EFC-AADC-AD5F3C50688A = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D4F940AB-401B-4EFC-AADC-AD5F3C50688A = 0x2 500704000x80000000000000003047Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d1e49aac-8f56-4280-b9ba-993a6d77406c = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d1e49aac-8f56-4280-b9ba-993a6d77406c = 0x2 500704000x80000000000000003046Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c = 0x2 500704000x80000000000000003045Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 = 0x2 500704000x80000000000000003044Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B = 0x2 500704000x80000000000000003043Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 = 0x2 500704000x80000000000000003042Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\e6db77e5-3df2-4cf1-b95a-636979351e5b = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\e6db77e5-3df2-4cf1-b95a-636979351e5b = 0x2 500704000x80000000000000003041Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D3E037E1-3EB8-44C8-A917-57927947596D = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D3E037E1-3EB8-44C8-A917-57927947596D = 0x2 500704000x80000000000000003040Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\c1db55ab-c21a-4637-bb3f-a12568109d35 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\c1db55ab-c21a-4637-bb3f-a12568109d35 = 0x2 500704000x80000000000000003039Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\56a863a9-875e-4185-98a7-b882c64b5ce5 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\56a863a9-875e-4185-98a7-b882c64b5ce5 = 0x2 500704000x80000000000000003038Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3B576869-A4EC-4529-8536-B80A7769E899 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3B576869-A4EC-4529-8536-B80A7769E899 = 0x2 500704000x80000000000000003037Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\01443614-cd74-433a-b99e-2ecdc07bfc25 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\01443614-cd74-433a-b99e-2ecdc07bfc25 = 0x2 500704000x80000000000000003036Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869 = 0x2 500704000x80000000000000003035Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 = 0x2 500704000x80000000000000003032Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 = 0x1 500704000x80000000000000003031Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5BEB7EFE-FD9A-4556-801D-275E5FFC04CC = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5BEB7EFE-FD9A-4556-801D-275E5FFC04CC = 0x1 500704000x80000000000000003030Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D4F940AB-401B-4EFC-AADC-AD5F3C50688A = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D4F940AB-401B-4EFC-AADC-AD5F3C50688A = 0x1 500704000x80000000000000003029Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d1e49aac-8f56-4280-b9ba-993a6d77406c = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d1e49aac-8f56-4280-b9ba-993a6d77406c = 0x1 500704000x80000000000000003028Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c = 0x1 500704000x80000000000000003027Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 = 0x1 500704000x80000000000000003026Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B = 0x1 500704000x80000000000000003025Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 = 0x1 500704000x80000000000000003024Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\e6db77e5-3df2-4cf1-b95a-636979351e5b = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\e6db77e5-3df2-4cf1-b95a-636979351e5b = 0x1 500704000x80000000000000003023Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D3E037E1-3EB8-44C8-A917-57927947596D = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D3E037E1-3EB8-44C8-A917-57927947596D = 0x1 500704000x80000000000000003022Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\c1db55ab-c21a-4637-bb3f-a12568109d35 = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\c1db55ab-c21a-4637-bb3f-a12568109d35 = 0x1 500704000x80000000000000003021Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\56a863a9-875e-4185-98a7-b882c64b5ce5 = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\56a863a9-875e-4185-98a7-b882c64b5ce5 = 0x1 500704000x80000000000000003020Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3B576869-A4EC-4529-8536-B80A7769E899 = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3B576869-A4EC-4529-8536-B80A7769E899 = 0x1 500704000x80000000000000003019Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\01443614-cd74-433a-b99e-2ecdc07bfc25 = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\01443614-cd74-433a-b99e-2ecdc07bfc25 = 0x1 500704000x80000000000000003018Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869 = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869 = 0x1 500704000x80000000000000003017Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 = 0x2HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 = 0x1 500704000x80000000000000003016Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 = 0x2 500704000x80000000000000003015Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5BEB7EFE-FD9A-4556-801D-275E5FFC04CC = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5BEB7EFE-FD9A-4556-801D-275E5FFC04CC = 0x2 500704000x80000000000000003014Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D4F940AB-401B-4EFC-AADC-AD5F3C50688A = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D4F940AB-401B-4EFC-AADC-AD5F3C50688A = 0x2 500704000x80000000000000003013Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d1e49aac-8f56-4280-b9ba-993a6d77406c = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d1e49aac-8f56-4280-b9ba-993a6d77406c = 0x2 500704000x80000000000000003012Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c = 0x2 500704000x80000000000000003011Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 = 0x2 500704000x80000000000000003010Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B = 0x2 500704000x80000000000000003009Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 = 0x2 500704000x80000000000000003008Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\e6db77e5-3df2-4cf1-b95a-636979351e5b = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\e6db77e5-3df2-4cf1-b95a-636979351e5b = 0x2 500704000x80000000000000003007Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D3E037E1-3EB8-44C8-A917-57927947596D = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D3E037E1-3EB8-44C8-A917-57927947596D = 0x2 500704000x80000000000000003006Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\c1db55ab-c21a-4637-bb3f-a12568109d35 = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\c1db55ab-c21a-4637-bb3f-a12568109d35 = 0x2 500704000x80000000000000003005Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\56a863a9-875e-4185-98a7-b882c64b5ce5 = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\56a863a9-875e-4185-98a7-b882c64b5ce5 = 0x2 500704000x80000000000000003004Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3B576869-A4EC-4529-8536-B80A7769E899 = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3B576869-A4EC-4529-8536-B80A7769E899 = 0x2 500704000x80000000000000003003Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\01443614-cd74-433a-b99e-2ecdc07bfc25 = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\01443614-cd74-433a-b99e-2ecdc07bfc25 = 0x2 500704000x80000000000000003002Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869 = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869 = 0x2 500704000x80000000000000003001Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 = 0x6HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 = 0x2 500704000x80000000000000002999Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 = 0x6 500704000x80000000000000002998Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5BEB7EFE-FD9A-4556-801D-275E5FFC04CC = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\5BEB7EFE-FD9A-4556-801D-275E5FFC04CC = 0x6 500704000x80000000000000002997Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D4F940AB-401B-4EFC-AADC-AD5F3C50688A = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D4F940AB-401B-4EFC-AADC-AD5F3C50688A = 0x6 500704000x80000000000000002996Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d1e49aac-8f56-4280-b9ba-993a6d77406c = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\d1e49aac-8f56-4280-b9ba-993a6d77406c = 0x6 500704000x80000000000000002995Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c = 0x6 500704000x80000000000000002994Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 = 0x6 500704000x80000000000000002993Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B = 0x6 500704000x80000000000000002992Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 = 0x6 500704000x80000000000000002991Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\e6db77e5-3df2-4cf1-b95a-636979351e5b = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\e6db77e5-3df2-4cf1-b95a-636979351e5b = 0x6 500704000x80000000000000002990Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D3E037E1-3EB8-44C8-A917-57927947596D = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\D3E037E1-3EB8-44C8-A917-57927947596D = 0x6 500704000x80000000000000002989Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\c1db55ab-c21a-4637-bb3f-a12568109d35 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\c1db55ab-c21a-4637-bb3f-a12568109d35 = 0x6 500704000x80000000000000002988Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\56a863a9-875e-4185-98a7-b882c64b5ce5 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\56a863a9-875e-4185-98a7-b882c64b5ce5 = 0x6 500704000x80000000000000002987Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3B576869-A4EC-4529-8536-B80A7769E899 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\3B576869-A4EC-4529-8536-B80A7769E899 = 0x6 500704000x80000000000000002986Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\01443614-cd74-433a-b99e-2ecdc07bfc25 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\01443614-cd74-433a-b99e-2ecdc07bfc25 = 0x6 500704000x80000000000000002985Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\26190899-1602-49e8-8b27-eb1d0a1ce869 = 0x6 500704000x80000000000000002984Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules\b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 = 0x6 500704000x80000000000000002911Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\Features\Controls\48 = 0x1 500704000x80000000000000002908Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\SmartLockerMode = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\SmartLockerMode = 0x0 500704000x80000000000000002907Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009HKLM\SOFTWARE\Microsoft\Windows Defender\VerifiedAndReputableTrustModeEnabled = 0x1HKLM\SOFTWARE\Microsoft\Windows Defender\VerifiedAndReputableTrustModeEnabled = 0x0 11/20/2023 03:31:50 AM LogName=Microsoft-Windows-Windows Defender/Operational EventCode=5007 EventType=4 ComputerName=researchvmhaa User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Windows Defender Type=Information RecordNumber=2779 Keywords=None TaskCategory=None OpCode=Info Message=Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware. Old value: Default\SacLearningModeSwitch = 0x0 New value: HKLM\SOFTWARE\Microsoft\Windows Defender\SacLearningModeSwitch = 0x1 11/20/2023 03:31:45 AM LogName=Microsoft-Windows-Windows Defender/Operational EventCode=5007 EventType=4 ComputerName=researchvmhaa User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Windows Defender Type=Information RecordNumber=2772 Keywords=None TaskCategory=None OpCode=Info Message=Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware. Old value: New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Features\Controls\48 = 0x1 11/19/2023 03:39:33 PM LogName=Microsoft-Windows-Windows Defender/Operational EventCode=5007 EventType=4 ComputerName=researchvmhaa User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Windows Defender Type=Information RecordNumber=2740 Keywords=None TaskCategory=None OpCode=Info Message=Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware. Old value: HKLM\SOFTWARE\Microsoft\Windows Defender\Features\Controls\48 = 0x1 New value: 11/19/2023 01:31:53 AM LogName=Microsoft-Windows-Windows Defender/Operational EventCode=5007 EventType=4 ComputerName=researchvmhaa User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Windows Defender Type=Information RecordNumber=2597 Keywords=None TaskCategory=None OpCode=Info Message=Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware. Old value: New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Features\Controls\48 = 0x1