diff --git a/README.md b/README.md index 77dcb6e..d1f65d1 100644 --- a/README.md +++ b/README.md @@ -287,9 +287,38 @@ DisableRealtimeMonitoring When it disables the AV it modifies these registries: ``` +[RegCreateKeyExW] +lpSubKey: SOFTWARE\Policies\Microsoft\Windows Defender +[RegSetValueExW] +lpValueName: DisableAntiSpyware +[RegCreateKeyExW] +lpSubKey: SOFTWARE\Microsoft\Windows Defender +[RegCreateKeyExW] +lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection +[RegCreateKeyExW] +lpSubKey: SYSTEM\CurrentControlSet\Services\WinDefend +[RegSetValueExW] +lpValueName: Start +[RegOpenKeyExW] +lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run +[RegQueryValueExW] +lpValueName: SecurityHealth +[RegCreateKeyExW] +lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run +[RegSetValueExW] +lpValueName: SecurityHealth +[RegOpenKeyExW] +lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run +[RegEnumValueW] +lpValueName: SecurityHealth +[RegOpenKeyExW] +lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection +[RegQueryValueExW] +lpValueName: DisableRealtimeMonitoring ``` - +To enable the AV, we just do the opposite of what we needed to disable the AV. + ## tldr to disable windows defender we need to edit the following registries:
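Review bot: The `[RegOpenKeyExW]` entries in this hunk label their argument `lpValueName`, but RegOpenKeyExW takes a subkey path (`lpSubKey`), not a value name, so those three lines should read `lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Run` and `lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection` to match the `[RegCreateKeyExW]` entries above them. The `[RegSetValueExW]` entries also record only the value name and not the data written, so the added sentence "To enable the AV, we just do the opposite" is underspecified; either log the data argument next to each `lpValueName` or state which values are restored, otherwise a reader checking a host for this modification cannot tell what the original state was. Minor: "it modifies these registries" should read "it modifies these registry keys", and the hunk adds a trailing blank `+` line after the new sentence that is not needed.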