Fix corrupted Windows System Registry by Mimikatz | Generic Malware Containment Guide

What is Mimikatz and How it affected the system

Red team operators use Mimikatz to compromise Windows computers and extract user information from memory. It is an extremely powerful open-source post-exploitation tool that makes lateral movement easy for attackers.

Fix “Opening any folder or program opens Command Prompt”

Following all the generic containment steps, which I discuss in the next part, did not solve the issue. Given my experience in Windows forensics, I realized it must be a small yet cleverly written piece of code that had broken something in the system registry. Upon digging deeper into “What happens when you double-click to open a folder?”, I found that a registry command gets executed, located at “Computer\HKEY_CLASSES_ROOT\Folder\shell\open\command”.
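The following PowerShell script is an added example, not code from the original post: it audits the shell\open\command handlers Explorer runs when a folder or a program is opened and, with -Restore, puts back the stock values. The expected values ("%SystemRoot%\Explorer.exe" for Folder and "%1" %* for exefile) and the assumption that no per-user override exists under HKCU\Software\Classes are taken from a stock Windows 10/11 install; confirm them against a known-good machine before restoring.

```powershell
# Added example (not from the original post). Audit and optionally restore the
# shell\open\command handlers that a hijack like the one described above abuses.
# Expected values are an assumption based on a stock Windows 10/11 install.
# Run elevated: writing under HKEY_LOCAL_MACHINE requires administrator rights.
[CmdletBinding()]
param([switch]$Restore)

$checks = @(
    @{ Rel = 'Folder\shell\open\command';  Expected = '%SystemRoot%\Explorer.exe'; Type = 'ExpandString' },
    @{ Rel = 'exefile\shell\open\command'; Expected = '"%1" %*';                  Type = 'String' }
)

# HKEY_CLASSES_ROOT is a merged view: a per-user key under HKCU\Software\Classes
# overrides the machine-wide one, so both hives must be checked.
$roots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes',
    'Registry::HKEY_CURRENT_USER\SOFTWARE\Classes'
)

foreach ($c in $checks) {
    foreach ($root in $roots) {
        $path = "$root\$($c.Rel)"
        if (-not (Test-Path $path)) { continue }   # absent under HKCU on a stock install

        $cmd = (Get-ItemProperty -Path $path).'(default)'
        if ($cmd -eq $c.Expected) {
            Write-Output "OK: $path"
            continue
        }

        # Any deviation (cmd.exe, powershell.exe, a script host, a dropped binary)
        # means something has inserted itself into the open verb.
        Write-Warning "$path default = '$cmd' (expected '$($c.Expected)')"
        if (-not $Restore) { continue }

        if ($root -like '*HKEY_CURRENT_USER*') {
            # Assumption: this key does not exist per-user on a stock install, so
            # removing it lets the machine-wide handler take effect again.
            Remove-Item -Path $path -Recurse -Force
        } else {
            Set-ItemProperty -Path $path -Name '(default)' -Value $c.Expected -Type $c.Type
        }
        Write-Output "Restored: $path"
    }
}
```

After restoring, re-run without -Restore to confirm every path reports OK; if the value reverts, a persistence mechanism is still rewriting it and containment is not finished.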

Generic Steps to Contain Malware
