The malicious code also attempted to disable the Windows Defender by configuring the registry values associated with this defense feature. The malicious code executes a small program, just before starting the encryption process, to disable security tools running on the infected systems that could detect its operations.