Windows Registry Editor Version 5.00
; DFB Registry Forensics - RegRipper tarzi export (HKLM/HKCU Run + LastWrite)
; Inceleme: kalicilik (persistence) triyaji. Zararli girdiyi mesru olanlardan ayir.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
; LastWrite: 2026-06-15 08:02:11 UTC
"SecurityHealth"="C:\Windows\System32\SecurityHealthSystray.exe"
"RtkAudUService"="C:\Windows\System32\RtkAudUService64.exe -background"
"OneDrive"="C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"
; --- asagidaki girdi LastWrite: 2026-06-18 11:09:03 UTC (olay aniyla ayni) ---
"WindowsUpdate"="C:\Users\Public\Libraries\update.exe -silent"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
; LastWrite: 2026-05-30 19:44:55 UTC
"Spotify"="C:\Users\jdoe\AppData\Roaming\Spotify\Spotify.exe -minimized"
"OneDriveStandalone"="C:\Users\jdoe\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe"