Registry Export of Third-Party Credentials (cc1abf27-78a3-4ac5-a51c-f3070b1d8e40)
Detects the use of reg.exe to export registry paths associated with third-party credentials. Credential stealers have been known to use this technique to extract sensitive information from the registry.