IOC Report
e93wY5kRY0.ps1

Files

File Path
Type
Category
Malicious
e93wY5kRY0.ps1
ASCII text, with very long lines (65312), with CRLF, LF line terminators
initial sample
malicious
C:\ProgramData\E8D5.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\kF0wnCN24.bmp
PC bitmap, Windows 3.x format, 1280 x 1024 x 16, image size 2621440, cbSize 2621494, bits offset 54
dropped
malicious
C:\Users\user\Desktop\VWDFPKGDUF\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\e93wY5kRY0.ps1
data
modified
malicious
C:\Users\user\Desktop\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\GRXZDKKVDB\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\LIJDSFKJZG\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\NWCXBPIUYI\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\NYMMPCEIMA\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\Videos\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\$WinREAgent\Scratch\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\$WinREAgent\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\7E0B47C2\3BD0.tmp
data
dropped
C:\ProgramData\kF0wnCN24.ico
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
dropped
C:\Users\user\.curlrc.kF0wnCN24
OpenPGP Public Key
dropped
C:\Users\user\.ms-ad\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\3D Objects\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0gnf0vqy.flt.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aivmnw2w.et0.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bc2iqh5c.xaf.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lgd3j3tg.wxk.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mm3opjod.por.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_opqdudv0.x1a.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YEYVH5OXCEZ514J2Q50M.temp
data
dropped
C:\Users\user\Contacts\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\BJZFPPWAPT.docx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\BJZFPPWAPT.docx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\DUUDTUBZFW.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\EWZCVGNOWT.jpg.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\JDDHMPCDUJ.mp3.kF0wnCN24
OpenPGP Public Key
dropped
C:\Users\user\Desktop\BJZFPPWAPT\KLIZUSIQEN.png.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\ZGGKNSUKOP.pdf.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\DUUDTUBZFW.jpg.kF0wnCN24
data
dropped
C:\Users\user\Desktop\DUUDTUBZFW.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\EIVQSAOTAQ\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\EOWRVPQCCS.png.kF0wnCN24
data
dropped
C:\Users\user\Desktop\EWZCVGNOWT.jpg.kF0wnCN24
data
dropped
C:\Users\user\Desktop\EWZCVGNOWT\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\GIGIYTFFYT.pdf.kF0wnCN24
data
dropped
C:\Users\user\Desktop\GLTYDMDUST.mp3.kF0wnCN24
data
dropped
C:\Users\user\Desktop\GRXZDKKVDB.docx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\GRXZDKKVDB\BJZFPPWAPT.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\GRXZDKKVDB\DUUDTUBZFW.jpg.kF0wnCN24
data
dropped
C:\Users\user\Desktop\GRXZDKKVDB\EOWRVPQCCS.png.kF0wnCN24
SoftQuad DESC or font file binary
dropped
C:\Users\user\Desktop\GRXZDKKVDB\GRXZDKKVDB.docx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\GRXZDKKVDB\PALRGUCVEH.pdf.kF0wnCN24
data
dropped
C:\Users\user\Desktop\GRXZDKKVDB\ZGGKNSUKOP.mp3.kF0wnCN24
data
dropped
C:\Users\user\Desktop\GRXZDKKVDB\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\JDDHMPCDUJ.jpg.kF0wnCN24
data
dropped
C:\Users\user\Desktop\JDDHMPCDUJ.mp3.kF0wnCN24
data
dropped
C:\Users\user\Desktop\KLIZUSIQEN.png.kF0wnCN24
data
dropped
C:\Users\user\Desktop\LIJDSFKJZG\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\NWCXBPIUYI\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\NYMMPCEIMA\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\PALRGUCVEH.docx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH.pdf.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\GIGIYTFFYT.pdf.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\GLTYDMDUST.mp3.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\JDDHMPCDUJ.jpg.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\ZGGKNSUKOP.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\ZIPXYXWIOY.png.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\ZGGKNSUKOP.mp3.kF0wnCN24
data
dropped
C:\Users\user\Desktop\ZGGKNSUKOP.pdf.kF0wnCN24
data
dropped
C:\Users\user\Desktop\ZGGKNSUKOP.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\ZIPXYXWIOY.png.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT.docx.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\BJZFPPWAPT.docx.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\DUUDTUBZFW.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\EWZCVGNOWT.jpg.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\JDDHMPCDUJ.mp3.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\KLIZUSIQEN.png.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\ZGGKNSUKOP.pdf.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Documents\DUUDTUBZFW.jpg.kF0wnCN24
OpenPGP Public Key
dropped
C:\Users\user\Documents\DUUDTUBZFW.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Documents\EIVQSAOTAQ\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Documents\EOWRVPQCCS.png.kF0wnCN24
data
dropped
C:\Users\user\Documents\EWZCVGNOWT.jpg.kF0wnCN24
data
dropped
C:\Users\user\Documents\EWZCVGNOWT\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Documents\GIGIYTFFYT.pdf.kF0wnCN24
data
dropped
C:\Users\user\Documents\GLTYDMDUST.mp3.kF0wnCN24
data
dropped
C:\Users\user\Documents\GRXZDKKVDB.docx.kF0wnCN24
data
dropped
C:\Users\user\Documents\GRXZDKKVDB\BJZFPPWAPT.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Documents\GRXZDKKVDB\DUUDTUBZFW.jpg.kF0wnCN24
data
dropped
C:\Users\user\Documents\GRXZDKKVDB\EOWRVPQCCS.png.kF0wnCN24
PGP Secret Sub-key -
dropped
C:\Users\user\Documents\GRXZDKKVDB\GRXZDKKVDB.docx.kF0wnCN24
data
dropped
C:\Users\user\Documents\GRXZDKKVDB\PALRGUCVEH.pdf.kF0wnCN24
data
dropped
C:\Users\user\Documents\GRXZDKKVDB\ZGGKNSUKOP.mp3.kF0wnCN24
data
dropped
C:\Users\user\Documents\JDDHMPCDUJ.jpg.kF0wnCN24
data
dropped
C:\Users\user\Documents\JDDHMPCDUJ.mp3.kF0wnCN24
data
dropped
C:\Users\user\Documents\KLIZUSIQEN.png.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH.docx.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH.pdf.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\GIGIYTFFYT.pdf.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\GLTYDMDUST.mp3.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\JDDHMPCDUJ.jpg.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\PALRGUCVEH.docx.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\ZGGKNSUKOP.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\ZIPXYXWIOY.png.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Documents\VWDFPKGDUF\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Documents\ZGGKNSUKOP.mp3.kF0wnCN24
data
dropped
C:\Users\user\Documents\ZGGKNSUKOP.pdf.kF0wnCN24
data
dropped
C:\Users\user\Documents\ZGGKNSUKOP.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Documents\ZIPXYXWIOY.png.kF0wnCN24
data
dropped
C:\Users\user\Documents\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Downloads\BJZFPPWAPT.docx.kF0wnCN24
data
dropped
C:\Users\user\Downloads\BJZFPPWAPT.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Downloads\DUUDTUBZFW.jpg.kF0wnCN24
data
dropped
C:\Users\user\Downloads\DUUDTUBZFW.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Downloads\EOWRVPQCCS.png.kF0wnCN24
data
dropped
C:\Users\user\Downloads\EWZCVGNOWT.jpg.kF0wnCN24
data
dropped
C:\Users\user\Downloads\GIGIYTFFYT.pdf.kF0wnCN24
data
dropped
C:\Users\user\Downloads\GLTYDMDUST.mp3.kF0wnCN24
data
dropped
C:\Users\user\Downloads\GRXZDKKVDB.docx.kF0wnCN24
data
dropped
C:\Users\user\Downloads\JDDHMPCDUJ.jpg.kF0wnCN24
data
dropped
C:\Users\user\Downloads\JDDHMPCDUJ.mp3.kF0wnCN24
data
dropped
C:\Users\user\Downloads\KLIZUSIQEN.png.kF0wnCN24
data
dropped
C:\Users\user\Downloads\PALRGUCVEH.docx.kF0wnCN24
data
dropped
C:\Users\user\Downloads\PALRGUCVEH.pdf.kF0wnCN24
data
dropped
C:\Users\user\Downloads\ZGGKNSUKOP.mp3.kF0wnCN24
data
dropped
C:\Users\user\Downloads\ZGGKNSUKOP.pdf.kF0wnCN24
data
dropped
C:\Users\user\Downloads\ZGGKNSUKOP.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Downloads\ZIPXYXWIOY.png.kF0wnCN24
data
dropped
C:\Users\user\Downloads\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Favorites\Amazon.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Bing.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Facebook.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Google.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Links\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Favorites\Live.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\NYTimes.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Reddit.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Twitter.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Wikipedia.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Youtube.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Links\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Music\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\OneDrive\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Pictures\Camera Roll\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Pictures\Saved Pictures\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Pictures\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Recent\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Saved Games\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Searches\Everywhere.search-ms.kF0wnCN24
data
dropped
C:\Users\user\Searches\Indexed Locations.search-ms.kF0wnCN24
data
dropped
C:\Users\user\Searches\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.kF0wnCN24
data
dropped
C:\Users\user\_curlrc.kF0wnCN24
data
dropped
c:\users\user\desktop\AAAAAAAAAAAAAAA (copy)
data
dropped

Processes

Path
Cmdline
Malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\e93wY5kRY0.ps1"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ex bypass -nonI C:\Users\user\Desktop\e93wY5kRY0.ps1
malicious
C:\ProgramData\E8D5.tmp
"C:\ProgramData\E8D5.tmp"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://lockbitapiahy43zttdhslabjvx4q6k24xx7r33qtcvwqehmnnqxy3yd.onion
unknown
malicious
http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
unknown
malicious
http://lockbitapp24bvbi43n3qmtfcasf2veaeagjxatgbwtxnsh5w32mljad.onion
unknown
malicious
http://lockbitsptqsmaf56cmo7bieqwh5htlsfkodpahsaurxlquoz67zwrad.onion
unknown
malicious
http://lockbitspyakyequybgwgwauhzqxx7ba2gh3lmlj3zyeuaknrexdzfid.onion
unknown
malicious
http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
unknown
malicious
http://lockbitspxgtf65ej7uu5h7qtephbevcsc2sk2brxzmt754etrrzhdqd.onion
unknown
malicious
https://electrum.org/
unknown
malicious
http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
unknown
malicious
http://lockbitapyx2kr5b7ma7qn6ziwqgbrij2czhcbojuxmgnwpkgv2yx2yd.onion
unknown
malicious
http://lockbitapo3wkqddx2ka7t45hejurybzzjpos4cpeliudgv35kkizrid.onion
unknown
malicious
http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
unknown
malicious
http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
unknown
malicious
http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
unknown
malicious
http://lockbitapyum2wks2lbcnrovcgxj7ne3ua7hhcmshh3s3ajtpookohqd.onion
unknown
malicious
http://lockbitspudgjptrzadjzi7b4n2nw3yq6aqqqqw6wbrrjkr2ffuhkhyd.onion
unknown
malicious
http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
unknown
malicious
http://xvt5hvgldlzbll33sytrafy4sczfnqzrzdfuxe272iiaaw7pgogcxbid.onion
unknown
malicious
http://lockbitspxmqqfi6bw4y7f5psnpoaakhlisdx33busmnpgtimart5fad.onion
unknown
malicious
http://nuget.org/NuGet.exe
unknown
http://www.apache.org/licenses/LICENSE-2.0
unknown
https://aka.ms/winsvr-2022-pshelp
unknown
http://pesterbdd.com/images/Pester.png
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
https://contoso.com/License
unknown
https://contoso.com/Icon
unknown
https://www.torproject.org/
unknown
https://bitcoin.org
unknown
https://github.com/Pester/Pester
unknown
http://www.microsoft.coD
unknown
https://github.com/Pester/Pester0
unknown
http://www.microsoft.coDq
unknown
https://aka.ms/pscore6lB
unknown
http://schemas.xmlsoap.org/wsdl/
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://oneget.orgX
unknown
https://twitter.com/hashtag/lockbit?f=live.
unknown
https://aka.ms/pscore68
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://oneget.org
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Control Panel\Desktop
WallPaper
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.kF0wnCN24
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kF0wnCN24\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AMSI/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\DirectShowFilterGraph
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\DirectShowPluginControl
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Els_Hyphenation/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\EndpointMapper
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\FirstUXPerf-Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\ForwardedEvents
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\General Logging
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Intel-iaLPSS-GPIO/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MedaFoundationVideoProc
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationAsyncWrapper
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationContentProtection
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationDeviceProxy
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationDS
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationMP4
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationPerformanceCore
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationPipeline
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-AppV-Client-Streamingux/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-AppV-Client/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-AppV-Client/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-License-Flexible-Platform/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-Licensing-Platform/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-PerfTrack-IEFRAME/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-Agent Driver/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-Agent Driver/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-Agent Driver/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-App Agent/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-App Agent/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-IPC/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ActionQueue/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ADSI/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-All-User-Install-Agent/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AllJoyn/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppHost/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppID/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Applicabilityuser/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Applicabilityuser/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Steps-Recorder
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Steps-Recorder
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/EXE and DLL
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/EXE and DLL
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/MSI and Script
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/MSI and Script
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/Packaged app-Deployment
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/Packaged app-Deployment
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/Packaged app-Execution
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppModel-Runtime/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppModel-Runtime/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppModel-Runtime/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppModel-State/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppReadiness/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppReadiness/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppSruProv
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeployment/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeployment/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Restricted
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppxPackaging/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppxPackaging/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ASN1/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AssignedAccess/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AssignedAccess/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ATAPort/General
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ATAPort/SATA-LPM
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/CaptureMonitor
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/CaptureMonitor
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/GlitchDetection
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/Informational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/PlaybackManager
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Authentication/ProtectedUser-Client
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AxInstallService/Log
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BackgroundTaskInfrastructure/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Backup
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Backup
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Base-Filtering-user-Resource-Flows/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Battery/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Biometrics/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Biometrics/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker-Driver-Performance/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker/BitLocker Management
Enabled
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Network Isolation Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\NIS-Driver-WFP/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeChannel
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OpenSSH/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\PlayReadyPerformanceChannel
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Setup
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Windows Networking Vpn Plugin Platform/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WINDOWS_KS_CHANNEL
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WINDOWS_MFH264Enc_CHANNEL
ChannelAccess
There are 367 hidden registries, click here to show them.

Memdumps
