Maria has executed a suspicious executable file in a controlled environment and wants to use Windows Event Viewer to see whether the file adds or modifies any registry value after execution. Which of the following event IDs should she look for in this scenario?
A. Event ID 4657
Explanation:
Event ID 4657: This event is logged when there is a modification to an object’s attributes, including registry values. It provides information about what was changed, including the old and new values, making it useful for tracking changes to the registry.
Other Event IDs:
Event ID 4688: This event logs the creation of a new process, which would be useful for tracking the execution of the executable file itself but not for registry modifications.
Event ID 7040: This event records changes to the service configuration, which is not directly related to registry modifications made by a program.
Event ID 4624: This event logs a successful logon attempt, which is not related to registry modifications.