Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
22V6t8mgjo.ps1
|
ASCII text, with very long lines (65312), with CRLF, LF line terminators
|
initial sample
|
||
C:\ProgramData\8521.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\ProgramData\kF0wnCN24.bmp
|
PC bitmap, Windows 3.x format, 1280 x 1024 x 16, image size 2621440, cbSize 2621494, bits offset 54
|
dropped
|
||
C:\Users\user\Desktop\22V6t8mgjo.ps1
|
data
|
modified
|
||
C:\Users\user\Desktop\PALRGUCVEH\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\ZIPXYXWIOY\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\EIVQSAOTAQ.mp3.kF0wnCN24
|
x86 executable (TV) not stripped
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\ZIPXYXWIOY\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Searches\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Videos\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\$WinREAgent\Scratch\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\$WinREAgent\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\E9E954CD\A213.tmp
|
data
|
dropped
|
||
C:\ProgramData\kF0wnCN24.ico
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
C:\Users\user\.curlrc.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\.ms-ad\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\3D Objects\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2js42s5q.dph.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g3204cgq.nnx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k1rw5i5u.wcg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l2wmou2y.dvl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_me2sb5pt.u2l.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qip1qaxw.2nk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3NRLRM3L302C8IUTV59V.temp
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
C:\Users\user\Contacts\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\BJZFPPWAPT.docx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\BJZFPPWAPT\BJZFPPWAPT.docx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\BJZFPPWAPT\DUUDTUBZFW.pdf.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\BJZFPPWAPT\EIVQSAOTAQ.mp3.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\BJZFPPWAPT\EOWRVPQCCS.jpg.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\BJZFPPWAPT\PALRGUCVEH.xlsx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\BJZFPPWAPT\ZGGKNSUKOP.png.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\BJZFPPWAPT\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\CZQKSDDMWR\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\DUUDTUBZFW.pdf.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\EIVQSAOTAQ.mp3.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\EIVQSAOTAQ.pdf.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\EOWRVPQCCS.jpg.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\EOWRVPQCCS.xlsx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\EWZCVGNOWT\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\GIGIYTFFYT.jpg.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\GIGIYTFFYT\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH.docx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH.xlsx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH\EIVQSAOTAQ.pdf.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH\EOWRVPQCCS.xlsx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH\GIGIYTFFYT.jpg.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH\QCOILOQIKC.mp3.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\PALRGUCVEH\TQDFJHPUIU.png.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\QCOILOQIKC.mp3.kF0wnCN24
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\Desktop\TQDFJHPUIU.png.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Desktop\ZGGKNSUKOP.png.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\BJZFPPWAPT.docx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\BJZFPPWAPT\BJZFPPWAPT.docx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\BJZFPPWAPT\DUUDTUBZFW.pdf.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\BJZFPPWAPT\EIVQSAOTAQ.mp3.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\BJZFPPWAPT\EOWRVPQCCS.jpg.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\BJZFPPWAPT\PALRGUCVEH.xlsx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\BJZFPPWAPT\ZGGKNSUKOP.png.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\BJZFPPWAPT\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\CZQKSDDMWR\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\DUUDTUBZFW.pdf.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\EIVQSAOTAQ.pdf.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\EOWRVPQCCS.jpg.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\EOWRVPQCCS.xlsx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\EWZCVGNOWT\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\GIGIYTFFYT.jpg.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\GIGIYTFFYT\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH.docx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH.xlsx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH\EIVQSAOTAQ.pdf.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH\EOWRVPQCCS.xlsx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH\GIGIYTFFYT.jpg.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH\PALRGUCVEH.docx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH\QCOILOQIKC.mp3.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\PALRGUCVEH\TQDFJHPUIU.png.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\QCOILOQIKC.mp3.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\TQDFJHPUIU.png.kF0wnCN24
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Documents\ZGGKNSUKOP.png.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Documents\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Downloads\BJZFPPWAPT.docx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Downloads\DUUDTUBZFW.pdf.kF0wnCN24
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\Downloads\EIVQSAOTAQ.mp3.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Downloads\EIVQSAOTAQ.pdf.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Downloads\EOWRVPQCCS.jpg.kF0wnCN24
|
OpenPGP Public Key
|
dropped
|
||
C:\Users\user\Downloads\EOWRVPQCCS.xlsx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Downloads\GIGIYTFFYT.jpg.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Downloads\PALRGUCVEH.docx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Downloads\PALRGUCVEH.xlsx.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Downloads\QCOILOQIKC.mp3.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Downloads\TQDFJHPUIU.png.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Downloads\ZGGKNSUKOP.png.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Downloads\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Favorites\Amazon.url.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Favorites\Bing.url.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Favorites\Facebook.url.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Favorites\Google.url.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Favorites\Links\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Favorites\Live.url.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Favorites\NYTimes.url.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Favorites\Reddit.url.kF0wnCN24
|
huf output
|
dropped
|
||
C:\Users\user\Favorites\Twitter.url.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Favorites\Wikipedia.url.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Favorites\Youtube.url.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Favorites\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Links\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Music\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\OneDrive\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Pictures\Camera Roll\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Pictures\Saved Pictures\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Pictures\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Recent\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Saved Games\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Searches\Everywhere.search-ms.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Searches\Indexed Locations.search-ms.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Searches\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\Videos\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\user\_curlrc.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\user\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\.ms-ad\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\3D Objects\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Contacts\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Desktop\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Documents\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Downloads\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Favorites\Bing.url.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\jones\Favorites\Links\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Favorites\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Links\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Music\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\OneDrive\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Pictures\Camera Roll\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Pictures\Saved Pictures\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Pictures\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Saved Games\kF0wnCN24.README.txt
|
ASCII text, with very long lines (837), with CRLF line terminators
|
dropped
|
||
C:\Users\jones\Searches\Everywhere.search-ms.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\jones\Searches\Indexed Locations.search-ms.kF0wnCN24
|
data
|
dropped
|
||
C:\Users\jones\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1002}-.searchconnector-ms.kF0wnCN24
|
data
|
dropped
|
||
c:\users\user\desktop\AAAAAAAAAAAAAAA (copy)
|
data
|
dropped
|
Processes
Path | Cmdline | Malicious
---|---|---
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\22V6t8mgjo.ps1" |
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ex bypass -nonI C:\Users\user\Desktop\22V6t8mgjo.ps1 |
C:\ProgramData\8521.tmp | "C:\ProgramData\8521.tmp" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
URLs
Registry
Path | Value | Malicious
---|---|---
HKEY_CURRENT_USER\Control Panel\Desktop | WallPaper |
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.kF0wnCN24 | NULL |
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kF0wnCN24\DefaultIcon | NULL |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer | GlobalAssocChangedCounter |
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DeviceConfidence/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Dhcpv6-Client/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Dhcpv6-Client/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-PCW/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scripted/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scripted/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-WDC/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Networking/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Performance/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Performance/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DirectShow-KernelSupport/Performance
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DirectSound/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DisplayColorCalibration/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DisplayColorCalibration/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DLNA-Namespace/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DriverFrameworks-UserMode/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DSC/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Dwm-Udwm/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl-Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl-Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl/Power
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DXP/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapHost/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapHost/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapMethods-RasTls/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapMethods-Sim/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EDP-Audit-Regular/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EDP-Audit-Regular/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Energy-Estimation-Engine/EventLog
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Energy-Estimation-Engine/Trace
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ESE/IODiagnose
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ESE/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventCollector/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventCollector/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventLog-WMIProvider/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventLog/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventLog/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-Catalog/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-ConfigManager/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-Engine/BackupLog
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-Service/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FMS/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Folder Redirection/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Folder Redirection/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Forwarding/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-GroupPolicy/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HelloForBusiness/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HelloForBusiness/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Help/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HomeGroup Control Panel/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HomeGroup Control Panel/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Guest-Drivers/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Guest-Drivers/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Guest-Drivers/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Guest-Drivers/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Hypervisor-Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Hypervisor-Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IdCtrls/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IE-SmartScreen
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IKE/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IKE/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-KRTIP/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-OEDCompiler/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-TCCORE/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-KdsSvc/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-KdsSvc/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kerberos/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-Acpi/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-ApphelpCache/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-ApphelpCache/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-Network/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-Pdc/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-Pep/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-PnP/Boot Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-PnP/Configuration
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-PnP/Configuration
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-PnP/Configuration Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-ShimEngine/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-ShimEngine/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-WHEA/Errors
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-WHEA/Errors
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-KeyboardFilter/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-L2NA/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LanguagePackSetup/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LanguagePackSetup/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LanguagePackSetup/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LDAP-Client/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LimitsManagement/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LiveId/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LiveId/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LiveId/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LSA/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LSA/Performance
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LUA-ConsentUI/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Media-Streaming/DMC
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-Performance/SARStreamResource
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-PlayAPI/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MemoryDiagnostics-Results/Debug
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MemoryDiagnostics-Results/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-mobsync/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NcdAutoSetup/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Network-and-Sharing-Center/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkProvider/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OcpUpdateAgent/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OfflineFiles/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ParentalControls/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Policy/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Policy/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Power-Meter-Polling/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PowerCfg/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Proximity-Common/Informational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-QoS-Pacer/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RadioManager/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Regsvr32/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Regsvr32/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteApp and Desktop Connections/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteApp and Desktop Connections/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteApp and Desktop Connections/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteApp and Desktop Connections/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteAssistance/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteAssistance/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteAssistance/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Remotefs-Rdbss/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ResetEng-Trace/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Resource-Exhaustion-Detector/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Resource-Exhaustion-Detector/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ResourcePublication/Tracing
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RetailDemo/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RPC-Proxy/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-Networking/Tracing
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-Web-Http/Tracing
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-WebAPI/Tracing
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Adminless/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Adminless/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Audit-Configuration-Client/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-IdentityListener/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Mitigations/UserMode
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Mitigations/UserMode
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Netlogon/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-UserConsentVerifier/Audit
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Sens/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SENSE/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SENSE/Operational
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SenseIR/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Serial-ClassExtension-V2/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Serial-ClassExtension/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ServiceReportingApi/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Servicing/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SettingSync-Azure/Debug
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-DefaultPrograms/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-OpenWith/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBClient/Analytic
|
ChannelAccess
|
||
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
|
||
3078000
|
heap
|
page read and write
|
||
410000
|
heap
|
page read and write
|
||
2B05F37F000
|
trusted library allocation
|
page read and write
|
||
32C4000
|
trusted library allocation
|
page read and write
|
||
97B0000
|
heap
|
page read and write
|
||
2B0508B3000
|
trusted library allocation
|
page read and write
|
||
2D50000
|
heap
|
page read and write
|
||
D5F67A5000
|
stack
|
page read and write
|
||
404000
|
unkown
|
page readonly
|
||
588E000
|
heap
|
page read and write
|
||
7FFB4AF60000
|
trusted library allocation
|
page read and write
|
||
8510000
|
trusted library allocation
|
page read and write
|
||
9869000
|
heap
|
page read and write
|
||
503B000
|
trusted library allocation
|
page read and write
|
||
84C0000
|
trusted library allocation
|
page execute and read and write
|
||
2B04D3D8000
|
heap
|
page read and write
|
||
2B04D3D4000
|
heap
|
page read and write
|
||
2B04ED60000
|
trusted library allocation
|
page read and write
|
||
9DB0000
|
trusted library allocation
|
page execute and read and write
|
||
2B04D3D2000
|
heap
|
page read and write
|
||
25FE000
|
stack
|
page read and write
|
||
795E000
|
stack
|
page read and write
|
||
9D38000
|
direct allocation
|
page read and write
|
||
2B04D270000
|
heap
|
page read and write
|
||
5A0000
|
heap
|
page execute and read and write
|
||
3300000
|
heap
|
page read and write
|
||
253E000
|
stack
|
page read and write
|