indicator
registry_key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ExplorerGuard
First seen: 2026-06-01
Last seen: 2026-06-01
Sightings: 1
Posts referencing this indicator
FSB’s matryoshka #1/3 – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm
Sekoia.io
Persistence mechanism for GammaWorm
2026-06-01
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ExplorerGuard · registry key · cyfar.ca