Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| e93wY5kRY0.ps1 | ASCII text, with very long lines (65312), with CRLF, LF line terminators | initial sample | |
| C:\ProgramData\E8D5.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\kF0wnCN24.bmp | PC bitmap, Windows 3.x format, 1280 x 1024 x 16, image size 2621440, cbSize 2621494, bits offset 54 | dropped | |
| C:\Users\user\Desktop\VWDFPKGDUF\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\e93wY5kRY0.ps1 | data | modified | |
| C:\Users\user\Desktop\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Documents\GRXZDKKVDB\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Documents\LIJDSFKJZG\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Documents\NWCXBPIUYI\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Documents\NYMMPCEIMA\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Videos\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\$WinREAgent\Scratch\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\$WinREAgent\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\7E0B47C2\3BD0.tmp | data | dropped | |
| C:\ProgramData\kF0wnCN24.ico | MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel | dropped | |
| C:\Users\user\.curlrc.kF0wnCN24 | OpenPGP Public Key | dropped | |
| C:\Users\user\.ms-ad\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\3D Objects\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0gnf0vqy.flt.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aivmnw2w.et0.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bc2iqh5c.xaf.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lgd3j3tg.wxk.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mm3opjod.por.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_opqdudv0.x1a.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YEYVH5OXCEZ514J2Q50M.temp | data | dropped | |
| C:\Users\user\Contacts\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\BJZFPPWAPT.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\BJZFPPWAPT.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\BJZFPPWAPT\BJZFPPWAPT.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\BJZFPPWAPT\DUUDTUBZFW.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\BJZFPPWAPT\EWZCVGNOWT.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\BJZFPPWAPT\JDDHMPCDUJ.mp3.kF0wnCN24 | OpenPGP Public Key | dropped | |
| C:\Users\user\Desktop\BJZFPPWAPT\KLIZUSIQEN.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\BJZFPPWAPT\ZGGKNSUKOP.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\BJZFPPWAPT\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\DUUDTUBZFW.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\DUUDTUBZFW.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\EIVQSAOTAQ\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\EOWRVPQCCS.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\EWZCVGNOWT.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\EWZCVGNOWT\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\GIGIYTFFYT.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\GLTYDMDUST.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\GRXZDKKVDB.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\GRXZDKKVDB\BJZFPPWAPT.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\GRXZDKKVDB\DUUDTUBZFW.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\GRXZDKKVDB\EOWRVPQCCS.png.kF0wnCN24 | SoftQuad DESC or font file binary | dropped | |
| C:\Users\user\Desktop\GRXZDKKVDB\GRXZDKKVDB.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\GRXZDKKVDB\PALRGUCVEH.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\GRXZDKKVDB\ZGGKNSUKOP.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\GRXZDKKVDB\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\JDDHMPCDUJ.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\JDDHMPCDUJ.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\KLIZUSIQEN.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\LIJDSFKJZG\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\NWCXBPIUYI\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\NYMMPCEIMA\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\PALRGUCVEH.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\PALRGUCVEH.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\PALRGUCVEH\GIGIYTFFYT.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\PALRGUCVEH\GLTYDMDUST.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\PALRGUCVEH\JDDHMPCDUJ.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\PALRGUCVEH\ZGGKNSUKOP.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\PALRGUCVEH\ZIPXYXWIOY.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\PALRGUCVEH\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Desktop\ZGGKNSUKOP.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\ZGGKNSUKOP.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\ZGGKNSUKOP.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Desktop\ZIPXYXWIOY.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\BJZFPPWAPT.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\BJZFPPWAPT.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\BJZFPPWAPT\BJZFPPWAPT.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\BJZFPPWAPT\DUUDTUBZFW.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\BJZFPPWAPT\EWZCVGNOWT.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\BJZFPPWAPT\JDDHMPCDUJ.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\BJZFPPWAPT\KLIZUSIQEN.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\BJZFPPWAPT\ZGGKNSUKOP.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\BJZFPPWAPT\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Documents\DUUDTUBZFW.jpg.kF0wnCN24 | OpenPGP Public Key | dropped | |
| C:\Users\user\Documents\DUUDTUBZFW.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\EIVQSAOTAQ\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Documents\EOWRVPQCCS.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\EWZCVGNOWT.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\EWZCVGNOWT\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Documents\GIGIYTFFYT.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\GLTYDMDUST.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\GRXZDKKVDB.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\GRXZDKKVDB\BJZFPPWAPT.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\GRXZDKKVDB\DUUDTUBZFW.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\GRXZDKKVDB\EOWRVPQCCS.png.kF0wnCN24 | PGP Secret Sub-key - | dropped | |
| C:\Users\user\Documents\GRXZDKKVDB\GRXZDKKVDB.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\GRXZDKKVDB\PALRGUCVEH.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\GRXZDKKVDB\ZGGKNSUKOP.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\JDDHMPCDUJ.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\JDDHMPCDUJ.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\KLIZUSIQEN.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\PALRGUCVEH.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\PALRGUCVEH.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\PALRGUCVEH\GIGIYTFFYT.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\PALRGUCVEH\GLTYDMDUST.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\PALRGUCVEH\JDDHMPCDUJ.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\PALRGUCVEH\PALRGUCVEH.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\PALRGUCVEH\ZGGKNSUKOP.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\PALRGUCVEH\ZIPXYXWIOY.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\PALRGUCVEH\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Documents\VWDFPKGDUF\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Documents\ZGGKNSUKOP.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\ZGGKNSUKOP.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\ZGGKNSUKOP.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\ZIPXYXWIOY.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Documents\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Downloads\BJZFPPWAPT.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\BJZFPPWAPT.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\DUUDTUBZFW.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\DUUDTUBZFW.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\EOWRVPQCCS.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\EWZCVGNOWT.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\GIGIYTFFYT.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\GLTYDMDUST.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\GRXZDKKVDB.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\JDDHMPCDUJ.jpg.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\JDDHMPCDUJ.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\KLIZUSIQEN.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\PALRGUCVEH.docx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\PALRGUCVEH.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\ZGGKNSUKOP.mp3.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\ZGGKNSUKOP.pdf.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\ZGGKNSUKOP.xlsx.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\ZIPXYXWIOY.png.kF0wnCN24 | data | dropped | |
| C:\Users\user\Downloads\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Favorites\Amazon.url.kF0wnCN24 | data | dropped | |
| C:\Users\user\Favorites\Bing.url.kF0wnCN24 | data | dropped | |
| C:\Users\user\Favorites\Facebook.url.kF0wnCN24 | data | dropped | |
| C:\Users\user\Favorites\Google.url.kF0wnCN24 | data | dropped | |
| C:\Users\user\Favorites\Links\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Favorites\Live.url.kF0wnCN24 | data | dropped | |
| C:\Users\user\Favorites\NYTimes.url.kF0wnCN24 | data | dropped | |
| C:\Users\user\Favorites\Reddit.url.kF0wnCN24 | data | dropped | |
| C:\Users\user\Favorites\Twitter.url.kF0wnCN24 | data | dropped | |
| C:\Users\user\Favorites\Wikipedia.url.kF0wnCN24 | data | dropped | |
| C:\Users\user\Favorites\Youtube.url.kF0wnCN24 | data | dropped | |
| C:\Users\user\Favorites\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Links\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Music\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\OneDrive\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Pictures\Camera Roll\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Pictures\Saved Pictures\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Pictures\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Recent\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Saved Games\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Searches\Everywhere.search-ms.kF0wnCN24 | data | dropped | |
| C:\Users\user\Searches\Indexed Locations.search-ms.kF0wnCN24 | data | dropped | |
| C:\Users\user\Searches\kF0wnCN24.README.txt | ASCII text, with very long lines (837), with CRLF line terminators | dropped | |
| C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.kF0wnCN24 | data | dropped | |
| C:\Users\user\_curlrc.kF0wnCN24 | data | dropped | |
| c:\users\user\desktop\AAAAAAAAAAAAAAA (copy) | data | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\e93wY5kRY0.ps1" | |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ex bypass -nonI C:\Users\user\Desktop\e93wY5kRY0.ps1 | |
| C:\ProgramData\E8D5.tmp | "C:\ProgramData\E8D5.tmp" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\Control Panel\Desktop | WallPaper | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.kF0wnCN24 | NULL | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kF0wnCN24\DefaultIcon | NULL | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer | GlobalAssocChangedCounter | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AMSI/Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Analytic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\DirectShowFilterGraph | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\DirectShowPluginControl | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Els_Hyphenation/Analytic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\EndpointMapper | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\FirstUXPerf-Analytic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\ForwardedEvents | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\General Logging | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Intel-iaLPSS-GPIO/Analytic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MedaFoundationVideoProc | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationAsyncWrapper | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationContentProtection | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationDeviceProxy | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationDS | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationMP4 | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationPerformanceCore | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationPipeline | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-AppV-Client-Streamingux/Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-AppV-Client/Admin | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-AppV-Client/Admin | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-License-Flexible-Platform/Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-Licensing-Platform/Diagnostic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-PerfTrack-IEFRAME/Diagnostic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-Agent Driver/Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-Agent Driver/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-Agent Driver/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-App Agent/Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-App Agent/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-IPC/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ActionQueue/Analytic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ADSI/Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-All-User-Install-Agent/Admin | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AllJoyn/Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppHost/Diagnostic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppID/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Applicabilityuser/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Applicabilityuser/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Admin | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Analytic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Steps-Recorder | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application-Experience/Steps-Recorder | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/EXE and DLL | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/EXE and DLL | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/MSI and Script | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/MSI and Script | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/Packaged app-Deployment | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/Packaged app-Deployment | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppLocker/Packaged app-Execution | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppModel-Runtime/Admin | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppModel-Runtime/Admin | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppModel-Runtime/Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppModel-State/Diagnostic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppReadiness/Admin | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppReadiness/Admin | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppSruProv | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeployment/Diagnostic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeployment/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Debug | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Restricted | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppxPackaging/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppxPackaging/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ASN1/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AssignedAccess/Admin | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AssignedAccess/Admin | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ATAPort/General | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ATAPort/SATA-LPM | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/CaptureMonitor | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/CaptureMonitor | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/GlitchDetection | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/Informational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/PlaybackManager | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Authentication/ProtectedUser-Client | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AxInstallService/Log | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BackgroundTaskInfrastructure/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Backup | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Backup | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Base-Filtering-user-Resource-Flows/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Battery/Diagnostic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Biometrics/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Biometrics/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker-Driver-Performance/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker/BitLocker Management | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker/BitLocker Management | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Bits-Client/Analytic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Bits-Client/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Bluetooth-MTPEnum/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Bluetooth-MTPEnum/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BranchCacheSMB/Analytic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BTH-BTHPORT/HCI | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BTH-BTHUSB/Diagnostic | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CAPI2/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CodeIntegrity/Operational | Enabled | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CodeIntegrity/Operational | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CodeIntegrity/Verbose | ChannelAccess | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Compat-Appraiser/Analytic | ChannelAccess | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Compat-Appraiser/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-Wcifs/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-Wcifs/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-Wcnfs/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-Wcnfs/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-Wcnfs/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-BCRYPT/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-DPAPI/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-DSSEnh/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-NCrypt/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-RNG/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DataIntegrityScan/CrashRecovery
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DataIntegrityScan/CrashRecovery
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DateTimeControlPanel/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DateTimeControlPanel/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DDisplay/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DDisplay/Logging
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Deduplication/Diagnostic
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Deduplication/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Deduplication/Performance
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Defrag-Core/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DeviceUpdateAgent/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-PCW/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-WDI/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Networking/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Networking/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Networking/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Performance/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Performance/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Performance/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Direct3D11/Logging
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Direct3D11/PerfTiming
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Direct3D12/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DiskDiagnosticDataCollector/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DiskDiagnosticDataCollector/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DiskDiagnosticResolver/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DisplaySwitch/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DSC/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DSC/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DucUpdateAgent/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Dwm-Core/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Dwm-Dwm/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl-Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl-Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl-Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl-Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl/Contention
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl/Performance
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl/Power
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DXP/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxpTaskSyncProvider/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapHost/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapHost/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapMethods-RasTls/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapMethods-RasTls/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapMethods-Ttls/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapMethods-Ttls/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EDP-Audit-Regular/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EDP-Audit-TCB/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EDP-Audit-TCB/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventCollector/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventLog/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FeatureConfiguration/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FeatureConfiguration/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-Catalog/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-user/BackupLog
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-EventListener/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-GroupPolicy/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HAL/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HealthCenter/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HealthCenter/Performance
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HealthCenterCPL/Performance
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Help/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Hypervisor-Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-VID-Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-TCTIP/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Input-HIDCLASS-Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-International-RegionalOptionsControlPanel/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-International-RegionalOptionsControlPanel/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Iphlpsvc/Trace
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IPxlatCfg/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IPxlatCfg/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-KdsSvc/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-KdsSvc/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kerberos/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-AppCompat/Performance
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-ApphelpCache/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-LiveDump/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-LiveDump/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-PnP/Boot Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-WDI/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-XDV/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-KeyboardFilter/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-KeyboardFilter/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LimitsManagement/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LiveId/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Media-Streaming/DMR
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Media-Streaming/MDE
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-MFReadWrite/Transform
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-Performance/SARStreamResource
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MemoryDiagnostics-Results/Debug
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MemoryDiagnostics-Results/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MobilityCenter/Performance
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-mobsync/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MSPaint/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MSPaint/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MUI/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MUI/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Ncasvc/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NcdAutoSetup/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NcdAutoSetup/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NDF-HelperClassDiscovery/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NDIS/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Ndu/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Network-Connection-Broker
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Networking-Correlation/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkLocationWizard/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkLocationWizard/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkProfile/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkProfile/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkProfile/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkProvider/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkProvider/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkProvisioning/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ntshrui-perf
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OcpUpdateAgent/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OfflineFiles/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OfflineFiles/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OneBackup/Debug
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OOBE-Machine-DUI/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OOBE-Machine-DUI/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OobeLdr/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OtpCredentialProvider/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PackageStateRoaming/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PackageStateRoaming/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ParentalControls/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Partition/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Partition/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Policy/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PortableDeviceSyncProvider/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PrintBRM/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PrintBRM/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PrintService-USBMon/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PrintService/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PrintService/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PrintService/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Privacy-Auditing/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Privacy-Auditing/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ProcessStateManager/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PushNotification-Platform/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PushNotification-Platform/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-QoS-Pacer/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReadyBoostDriver/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Regsvr32/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Regsvr32/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteApp and Desktop Connections/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteApp and Desktop Connections/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteAssistance/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteAssistance/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteAssistance/Tracing
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Remotefs-Rdbss/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Remotefs-Rdbss/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Resource-Exhaustion-Detector/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RetailDemo/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RPC/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Search-ProtocolHandlers/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SearchUI/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Adminless/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-SPP/Perf
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-UserConsentVerifier/Audit
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Sens/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Setup/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SmartCard-Audit/Authentication
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SmartCard-Audit/Authentication
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBClient/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SmbClient/Audit
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SmbClient/Audit
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SmbClient/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBServer/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBServer/Audit
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBServer/Audit
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBServer/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBServer/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBServer/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBServer/Performance
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBServer/Security
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBWitnessClient/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBWitnessClient/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StateRepository/Restricted
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Disk/Diagnose
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Disk/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Storport/Diagnose
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Storport/Health
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Tiering/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Tiering/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageManagement/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageManagement/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSettings/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-SpaceManager/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-SpaceManager/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storsvc/Diagnostic
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storsvc/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TCPIP/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TenantRestrictions/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-PnPDevices/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-PnPDevices/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-RDPClient/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ThemeUI/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Threat-Intelligence/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Time-Service/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Time-Service/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-User Control Panel Usage/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-User Profile Service/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-User Profile Service/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-User Profile Service/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-VerifyHardwareSecurity/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsSystemAssessmentTool/Tracing
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WinNat/Oper
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WinNat/Trace
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WorkFolders/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WorkFolders/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WPD-MTPClassDriver/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Network Isolation Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\NIS-Driver-WFP/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeChannel
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OpenSSH/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\PlayReadyPerformanceChannel
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Setup
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Windows Networking Vpn Plugin Platform/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WINDOWS_KS_CHANNEL
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WINDOWS_MFH264Enc_CHANNEL
|
ChannelAccess
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|