IOC Report
22V6t8mgjo.ps1

loading gif

Files

File Path
Type
Category
Malicious
22V6t8mgjo.ps1
ASCII text, with very long lines (65312), with CRLF, LF line terminators
initial sample
malicious
C:\ProgramData\8521.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\kF0wnCN24.bmp
PC bitmap, Windows 3.x format, 1280 x 1024 x 16, image size 2621440, cbSize 2621494, bits offset 54
dropped
malicious
C:\Users\user\Desktop\22V6t8mgjo.ps1
data
modified
malicious
C:\Users\user\Desktop\PALRGUCVEH\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\ZIPXYXWIOY\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\EIVQSAOTAQ.mp3.kF0wnCN24
x86 executable (TV) not stripped
dropped
malicious
C:\Users\user\Documents\PALRGUCVEH\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\user\Documents\ZIPXYXWIOY\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\jones\Searches\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\jones\Videos\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\jones\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\Users\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
malicious
C:\$WinREAgent\Scratch\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\$WinREAgent\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\E9E954CD\A213.tmp
data
dropped
C:\ProgramData\kF0wnCN24.ico
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
dropped
C:\Users\user\.curlrc.kF0wnCN24
data
dropped
C:\Users\user\.ms-ad\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\3D Objects\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2js42s5q.dph.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g3204cgq.nnx.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k1rw5i5u.wcg.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l2wmou2y.dvl.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_me2sb5pt.u2l.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qip1qaxw.2nk.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3NRLRM3L302C8IUTV59V.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
dropped
C:\Users\user\Contacts\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\BJZFPPWAPT.docx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\BJZFPPWAPT.docx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\DUUDTUBZFW.pdf.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\EIVQSAOTAQ.mp3.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\EOWRVPQCCS.jpg.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\PALRGUCVEH.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\ZGGKNSUKOP.png.kF0wnCN24
data
dropped
C:\Users\user\Desktop\BJZFPPWAPT\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\CZQKSDDMWR\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\DUUDTUBZFW.pdf.kF0wnCN24
data
dropped
C:\Users\user\Desktop\EIVQSAOTAQ.mp3.kF0wnCN24
data
dropped
C:\Users\user\Desktop\EIVQSAOTAQ.pdf.kF0wnCN24
data
dropped
C:\Users\user\Desktop\EOWRVPQCCS.jpg.kF0wnCN24
data
dropped
C:\Users\user\Desktop\EOWRVPQCCS.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\EWZCVGNOWT\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\GIGIYTFFYT.jpg.kF0wnCN24
data
dropped
C:\Users\user\Desktop\GIGIYTFFYT\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Desktop\PALRGUCVEH.docx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\EIVQSAOTAQ.pdf.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\EOWRVPQCCS.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\GIGIYTFFYT.jpg.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docx.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\QCOILOQIKC.mp3.kF0wnCN24
data
dropped
C:\Users\user\Desktop\PALRGUCVEH\TQDFJHPUIU.png.kF0wnCN24
data
dropped
C:\Users\user\Desktop\QCOILOQIKC.mp3.kF0wnCN24
OpenPGP Public Key
dropped
C:\Users\user\Desktop\TQDFJHPUIU.png.kF0wnCN24
data
dropped
C:\Users\user\Desktop\ZGGKNSUKOP.png.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT.docx.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\BJZFPPWAPT.docx.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\DUUDTUBZFW.pdf.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\EIVQSAOTAQ.mp3.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\EOWRVPQCCS.jpg.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\PALRGUCVEH.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\ZGGKNSUKOP.png.kF0wnCN24
data
dropped
C:\Users\user\Documents\BJZFPPWAPT\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Documents\CZQKSDDMWR\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Documents\DUUDTUBZFW.pdf.kF0wnCN24
data
dropped
C:\Users\user\Documents\EIVQSAOTAQ.pdf.kF0wnCN24
data
dropped
C:\Users\user\Documents\EOWRVPQCCS.jpg.kF0wnCN24
data
dropped
C:\Users\user\Documents\EOWRVPQCCS.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Documents\EWZCVGNOWT\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Documents\GIGIYTFFYT.jpg.kF0wnCN24
data
dropped
C:\Users\user\Documents\GIGIYTFFYT\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Documents\PALRGUCVEH.docx.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\EIVQSAOTAQ.pdf.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\EOWRVPQCCS.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\GIGIYTFFYT.jpg.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\PALRGUCVEH.docx.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\QCOILOQIKC.mp3.kF0wnCN24
data
dropped
C:\Users\user\Documents\PALRGUCVEH\TQDFJHPUIU.png.kF0wnCN24
data
dropped
C:\Users\user\Documents\QCOILOQIKC.mp3.kF0wnCN24
data
dropped
C:\Users\user\Documents\TQDFJHPUIU.png.kF0wnCN24
OpenPGP Secret Key
dropped
C:\Users\user\Documents\ZGGKNSUKOP.png.kF0wnCN24
data
dropped
C:\Users\user\Documents\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Downloads\BJZFPPWAPT.docx.kF0wnCN24
data
dropped
C:\Users\user\Downloads\DUUDTUBZFW.pdf.kF0wnCN24
OpenPGP Secret Key
dropped
C:\Users\user\Downloads\EIVQSAOTAQ.mp3.kF0wnCN24
data
dropped
C:\Users\user\Downloads\EIVQSAOTAQ.pdf.kF0wnCN24
data
dropped
C:\Users\user\Downloads\EOWRVPQCCS.jpg.kF0wnCN24
OpenPGP Public Key
dropped
C:\Users\user\Downloads\EOWRVPQCCS.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Downloads\GIGIYTFFYT.jpg.kF0wnCN24
data
dropped
C:\Users\user\Downloads\PALRGUCVEH.docx.kF0wnCN24
data
dropped
C:\Users\user\Downloads\PALRGUCVEH.xlsx.kF0wnCN24
data
dropped
C:\Users\user\Downloads\QCOILOQIKC.mp3.kF0wnCN24
data
dropped
C:\Users\user\Downloads\TQDFJHPUIU.png.kF0wnCN24
data
dropped
C:\Users\user\Downloads\ZGGKNSUKOP.png.kF0wnCN24
data
dropped
C:\Users\user\Downloads\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Favorites\Amazon.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Bing.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Facebook.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Google.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Links\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Favorites\Live.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\NYTimes.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Reddit.url.kF0wnCN24
huf output
dropped
C:\Users\user\Favorites\Twitter.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Wikipedia.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\Youtube.url.kF0wnCN24
data
dropped
C:\Users\user\Favorites\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Links\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Music\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\OneDrive\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Pictures\Camera Roll\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Pictures\Saved Pictures\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Pictures\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Recent\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Saved Games\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Searches\Everywhere.search-ms.kF0wnCN24
data
dropped
C:\Users\user\Searches\Indexed Locations.search-ms.kF0wnCN24
data
dropped
C:\Users\user\Searches\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.kF0wnCN24
data
dropped
C:\Users\user\Videos\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\user\_curlrc.kF0wnCN24
data
dropped
C:\Users\user\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\.ms-ad\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\3D Objects\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Contacts\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Desktop\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Documents\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Downloads\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Favorites\Bing.url.kF0wnCN24
data
dropped
C:\Users\jones\Favorites\Links\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Favorites\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Links\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Music\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\OneDrive\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Pictures\Camera Roll\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Pictures\Saved Pictures\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Pictures\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Saved Games\kF0wnCN24.README.txt
ASCII text, with very long lines (837), with CRLF line terminators
dropped
C:\Users\jones\Searches\Everywhere.search-ms.kF0wnCN24
data
dropped
C:\Users\jones\Searches\Indexed Locations.search-ms.kF0wnCN24
data
dropped
C:\Users\jones\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1002}-.searchconnector-ms.kF0wnCN24
data
dropped
c:\users\user\desktop\AAAAAAAAAAAAAAA (copy)
data
dropped
There are 138 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\22V6t8mgjo.ps1"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ex bypass -nonI C:\Users\user\Desktop\22V6t8mgjo.ps1
malicious
C:\ProgramData\8521.tmp
"C:\ProgramData\8521.tmp"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://lockbitapiahy43zttdhslabjvx4q6k24xx7r33qtcvwqehmnnqxy3yd.onion
unknown
malicious
http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
unknown
malicious
http://lockbitapp24bvbi43n3qmtfcasf2veaeagjxatgbwtxnsh5w32mljad.onion
unknown
malicious
http://lockbitsptqsmaf56cmo7bieqwh5htlsfkodpahsaurxlquoz67zwrad.onion
unknown
malicious
http://lockbitspyakyequybgwgwauhzqxx7ba2gh3lmlj3zyeuaknrexdzfid.onion
unknown
malicious
http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
unknown
malicious
http://lockbitspxgtf65ej7uu5h7qtephbevcsc2sk2brxzmt754etrrzhdqd.onion
unknown
malicious
https://electrum.org/
unknown
malicious
http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
unknown
malicious
http://lockbitapyx2kr5b7ma7qn6ziwqgbrij2czhcbojuxmgnwpkgv2yx2yd.onion
unknown
malicious
http://lockbitapo3wkqddx2ka7t45hejurybzzjpos4cpeliudgv35kkizrid.onion
unknown
malicious
http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
unknown
malicious
http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
unknown
malicious
http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
unknown
malicious
http://lockbitapyum2wks2lbcnrovcgxj7ne3ua7hhcmshh3s3ajtpookohqd.onion
unknown
malicious
http://lockbitspudgjptrzadjzi7b4n2nw3yq6aqqqqw6wbrrjkr2ffuhkhyd.onion
unknown
malicious
http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
unknown
malicious
http://xvt5hvgldlzbll33sytrafy4sczfnqzrzdfuxe272iiaaw7pgogcxbid.onion
unknown
malicious
http://lockbitspxmqqfi6bw4y7f5psnpoaakhlisdx33busmnpgtimart5fad.onion
unknown
malicious
http://nuget.org/NuGet.exe
unknown
http://www.apache.org/licenses/LICENSE-2.0
unknown
https://aka.ms/winsvr-2022-pshelp
unknown
http://pesterbdd.com/images/Pester.png
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
https://contoso.com/License
unknown
https://contoso.com/Icon
unknown
https://www.torproject.org/
unknown
https://bitcoin.org
unknown
https://github.com/Pester/Pester
unknown
https://aka.ms/pscore6lB
unknown
http://schemas.xmlsoap.org/wsdl/
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://oneget.orgX
unknown
https://twitter.com/hashtag/lockbit?f=live.
unknown
https://aka.ms/pscore68
unknown
http://www.microsoft.c
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://oneget.org
unknown
There are 30 hidden URLs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Control Panel\Desktop
WallPaper
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.kF0wnCN24
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kF0wnCN24\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AMSI/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\DirectShowFilterGraph
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\EndpointMapper
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\ForwardedEvents
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\IHM_DebugChannel
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Intel-iaLPSS-GPIO/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Intel-iaLPSS2-I2C/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Intel-iaLPSS2-I2C/Performance
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationDS
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationMediaEngine
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationMP4
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationPerformance
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationPerformanceCore
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationPipeline
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\MediaFoundationPlatform
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-AppV-Client/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-License-Flexible-Platform/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-License-Flexible-Platform/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-License-Flexible-Platform/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-License-Flexible-Platform/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-Licensing-Platform/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-Licensing-Platform/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Client-Licensing-Platform/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-IEFRAME/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-Agent Driver/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-Agent Driver/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-App Agent/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-App Agent/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-SQM Uploader/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-User Experience Virtualization-SQM Uploader/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ADSI/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-All-User-Install-Agent/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-All-User-Install-Agent/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AllJoyn/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AllJoyn/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AllJoyn/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppHost/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppHost/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppHost/ApplicationTracing
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppHost/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppID/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Application Server-Applications/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AppXDeploymentServer/Restricted
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ASN1/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AssignedAccess/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AssignedAccessBroker/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/GlitchDetection
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/Informational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Audio/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Authentication User Interface/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Authentication User Interface/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-AxInstallService/Log
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Backup
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker-Driver-Performance/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker/BitLocker Management
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker/BitLocker Management
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker/BitLocker Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker/Tracing
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Bits-Client/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Bits-Client/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Bluetooth-Bthmini/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Bluetooth-MTPEnum/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Bluetooth-MTPEnum/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BranchCacheSMB/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BTH-BTHPORT/HCI
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CAPI2/Catalog Database Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CAPI2/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CDROM/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CmiSetup/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-COM/Call
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-COM/FreeUnusedLibrary
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ComDlg32/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-COMRuntime/Activations
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-COMRuntime/Tracing
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-BindFlt/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-BindFlt/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-BindFlt/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-Wcifs/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-Wcifs/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-Wcnfs/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Containers-Wcnfs/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CoreApplication/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CoreApplication/Tracing
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CoreWindow/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CorruptedFileRecovery-Client/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-CorruptedFileRecovery-Server/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-BCRYPT/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-CNG/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-RNG/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Crypto-RSAEnh/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DAMM/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Data-Pdf/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DCLocator/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Deduplication/Diagnostic
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Deduplication/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Deduplication/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Deduplication/Performance
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Defrag-Core/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Deplorch/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DeviceConfidence/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Dhcpv6-Client/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Dhcpv6-Client/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-PCW/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scripted/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scripted/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-WDC/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Networking/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Performance/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-Performance/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DirectShow-KernelSupport/Performance
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DirectSound/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DisplayColorCalibration/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DisplayColorCalibration/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DLNA-Namespace/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DriverFrameworks-UserMode/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DSC/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Dwm-Udwm/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl-Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl-Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxgKrnl/Power
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DXP/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapHost/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapHost/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapMethods-RasTls/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EapMethods-Sim/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EDP-Audit-Regular/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EDP-Audit-Regular/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Energy-Estimation-Engine/EventLog
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Energy-Estimation-Engine/Trace
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ESE/IODiagnose
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ESE/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventCollector/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventCollector/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventLog-WMIProvider/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventLog/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-EventLog/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-Catalog/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-ConfigManager/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-Engine/BackupLog
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileHistory-Service/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FMS/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Folder Redirection/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Folder Redirection/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Forwarding/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-GroupPolicy/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HelloForBusiness/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HelloForBusiness/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Help/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HomeGroup Control Panel/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-HomeGroup Control Panel/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Guest-Drivers/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Guest-Drivers/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Guest-Drivers/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Guest-Drivers/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Hypervisor-Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-Hypervisor-Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IdCtrls/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IE-SmartScreen
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IKE/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IKE/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-KRTIP/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-OEDCompiler/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-TCCORE/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-KdsSvc/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-KdsSvc/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kerberos/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-Acpi/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-ApphelpCache/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-ApphelpCache/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-Network/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-Pdc/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-Pep/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-PnP/Boot Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-PnP/Configuration
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-PnP/Configuration
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-PnP/Configuration Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-ShimEngine/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-ShimEngine/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-WHEA/Errors
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-WHEA/Errors
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-KeyboardFilter/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-L2NA/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LanguagePackSetup/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LanguagePackSetup/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LanguagePackSetup/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LDAP-Client/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LimitsManagement/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LiveId/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LiveId/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LiveId/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LSA/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LSA/Performance
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-LUA-ConsentUI/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Media-Streaming/DMC
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-Performance/SARStreamResource
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MediaFoundation-PlayAPI/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MemoryDiagnostics-Results/Debug
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-MemoryDiagnostics-Results/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-mobsync/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NcdAutoSetup/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Network-and-Sharing-Center/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkProvider/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OcpUpdateAgent/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-OfflineFiles/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ParentalControls/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Policy/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Policy/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Power-Meter-Polling/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PowerCfg/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Proximity-Common/Informational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-QoS-Pacer/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RadioManager/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Regsvr32/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Regsvr32/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteApp and Desktop Connections/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteApp and Desktop Connections/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteApp and Desktop Connections/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteApp and Desktop Connections/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteAssistance/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteAssistance/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteAssistance/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Remotefs-Rdbss/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ResetEng-Trace/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Resource-Exhaustion-Detector/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Resource-Exhaustion-Detector/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ResourcePublication/Tracing
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RetailDemo/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-RPC-Proxy/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-Networking/Tracing
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-Web-Http/Tracing
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-WebAPI/Tracing
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Adminless/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Adminless/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Audit-Configuration-Client/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-IdentityListener/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Mitigations/UserMode
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Mitigations/UserMode
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-Netlogon/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Security-UserConsentVerifier/Audit
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Sens/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SENSE/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SENSE/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SenseIR/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Serial-ClassExtension-V2/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Serial-ClassExtension/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ServiceReportingApi/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Servicing/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SettingSync-Azure/Debug
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-DefaultPrograms/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Shell-OpenWith/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBClient/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SmbClient/Audit
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SMBClient/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SmbClient/Security
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SPB-ClassExtension/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SPB-HIDI2C/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Speech-UserExperience/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-ClassPnP/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-ClassPnP/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Disk/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Storport/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Storport/Health
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Storport/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Storport/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Tiering-IoHeat/Heat
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Tiering/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storage-Tiering/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageManagement/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSettings/Diagnostic
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-Driver/Diagnostic
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-Driver/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-Driver/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-Driver/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-Driver/Performance
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-ManagementAgent/WHC
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-StorageSpaces-ManagementAgent/WHC
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storsvc/Diagnostic
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Storsvc/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Subsys-Csr/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Subsys-SMSS/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Superfetch/Main
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Superfetch/PfApLog
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-System-Profile-HardwareId/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SystemSettingsHandlers/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SystemSettingsThreshold/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SystemSettingsThreshold/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskbarCPL/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Maintenance
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Maintenance
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TCPIP/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TCPIP/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TenantRestrictions/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TenantRestrictions/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-LocalSessionManager/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-PnPDevices/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-PnPDevices/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-PnPDevices/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-PnPDevices/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-Printers/Admin
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-Printers/Admin
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-Printers/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ThemeUI/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TWinAPI/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-UAC-FileVirtualization/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-UIAnimation/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-USB-USBPORT/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-USB-USBXHCI-Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Volume/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Wcmsvc/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Wcmsvc/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WDAG-PolicyEvaluator-GP/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WDAG-PolicyEvaluator-GP/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WebAuth/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WebAuthN/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WebcamProvider/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WebIO-NDF/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WEPHOSTSVC/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WER-PayloadHealth/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WFP/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsColorSystem/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsSystemAssessmentTool/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsSystemAssessmentTool/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WinHTTP-NDF/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Winlogon/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Winlogon/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Winsrv/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Wired-AutoConfig/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WLANConnectionFlow/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WMPNSS-Service/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WorkFolders/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WorkFolders/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WPD-API/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WPD-ClassInstaller/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WPD-ClassInstaller/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WPD-CompositeClassDriver/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WPD-CompositeClassDriver/Operational
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WSC-SRV/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WUSA/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WWAN-CFE/Diagnostic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-XAML/Default
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Network Isolation Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OpenSSH/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\TimeBroker
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Windows Networking Vpn Plugin Platform/Operational
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Windows Networking Vpn Plugin Platform/OperationalVerbose
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WINDOWS_MSMPEG2VDEC_CHANNEL
ChannelAccess
There are 410 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
9D21000
direct allocation
page execute read
malicious
6462000
trusted library allocation
page read and write
malicious
63C7000
trusted library allocation
page read and write
malicious
7FFB4AEC0000
trusted library allocation
page read and write
2B067540000
heap
page execute and read and write
9C90000
trusted library allocation
page read and write
7894000
heap
page read and write
405000
unkown
page read and write
2B05F311000
trusted library allocation
page read and write
2CDD000
stack
page read and write
D5F6D7E000
stack
page read and write
2B04D3B9000
heap
page read and write
7FFB4B0A0000
trusted library allocation
page execute and read and write
791E000
stack
page read and write
D5F6A7E000
stack
page read and write
9E00000
trusted library allocation
page execute and read and write
32B0000
trusted library allocation
page read and write
9D70000
heap
page execute and read and write
2B05F588000
trusted library allocation
page read and write
7FFB4B140000
trusted library allocation
page read and write
2B04D310000
heap
page read and write
9CE7000
trusted library allocation
page read and write
2B067364000
heap
page read and write
967D000
stack
page read and write
2B04D328000
heap
page read and write
2B050E2B000
trusted library allocation
page read and write
77DA000
heap
page read and write
7FFB4B150000
trusted library allocation
page read and write
72EE000
stack
page read and write
9C80000
trusted library allocation
page read and write
9E10000
trusted library allocation
page read and write
7FFB4B120000
trusted library allocation
page read and write
2CFE000
stack
page read and write
D5F6FFA000
stack
page read and write
7FFB4AF66000
trusted library allocation
page read and write
780B000
heap
page read and write
2B050EF0000
trusted library allocation
page read and write
9D10000
trusted library allocation
page execute and read and write
9750000
trusted library allocation
page read and write
2B050B4A000
trusted library allocation
page read and write
2CBF000
stack
page read and write
2B04D332000
heap
page read and write
715F000
stack
page read and write
2D9E000
unkown
page read and write
97B4000
heap
page read and write
7FE20000
direct allocation
page execute and read and write
2C9C000
stack
page read and write
61E000
stack
page read and write
2B050B1E000
trusted library allocation
page read and write
2F3F000
stack
page read and write
2E3E000
stack
page read and write
9CE1000
trusted library allocation
page read and write
7FFB4AEB3000
trusted library allocation
page execute and read and write
3102000
heap
page read and write
97C8000
heap
page read and write
3328000
heap
page read and write
2DF0000
heap
page read and write
25BE000
stack
page read and write
72AE000
stack
page read and write
7FFB4AEB2000
trusted library allocation
page read and write
32E0000
trusted library allocation
page read and write
7FFB4AF96000
trusted library allocation
page execute and read and write
4F70000
trusted library allocation
page read and write
4EB0000
trusted library allocation
page read and write
9767000
trusted library allocation
page read and write
D5F6B7D000
stack
page read and write
7430000
heap
page read and write
3152000
heap
page read and write
7FFB4AEB4000
trusted library allocation
page read and write
7FFB4B0F0000
trusted library allocation
page read and write
4FD0000
heap
page read and write
32D9000
trusted library allocation
page read and write
9B41000
trusted library allocation
page read and write
7FFB4B1D0000
trusted library allocation
page read and write
9C96000
trusted library allocation
page read and write
7AB0000
trusted library allocation
page read and write
52AA000
trusted library allocation
page read and write
310F000
heap
page read and write
2B04FF41000
trusted library allocation
page read and write
7FE40000
direct allocation
page execute and read and write
2B0518F4000
trusted library allocation
page read and write
7FE30000
direct allocation
page read and write
7F130000
trusted library allocation
page execute and read and write
2B0505C9000
trusted library allocation
page read and write
2B04D2F0000
heap
page read and write
6047000
trusted library allocation
page read and write
293F000
stack
page read and write
2B04D41B000
heap
page read and write
7A20000
trusted library allocation
page read and write
2B0673A6000
heap
page read and write
9DD0000
trusted library allocation
page execute and read and write
7AE0000
trusted library allocation
page read and write
76D2000
heap
page read and write
8601000
trusted library allocation
page read and write
711E000
stack
page read and write
2B04F160000
trusted library allocation
page read and write
9D20000
direct allocation
page read and write
4EA0000
heap
page readonly
9B50000
trusted library allocation
page read and write
7A50000
trusted library allocation
page read and write
9D00000
trusted library allocation
page read and write
2B05F4D4000
trusted library allocation
page read and write
2DE6000
heap
page read and write
2B04D2B5000
heap
page read and write
4E5E000
stack
page read and write
9EBD000
stack
page read and write
D5F6EF7000
stack
page read and write
70DF000
stack
page read and write
2B067687000
heap
page read and write
2B06769E000
heap
page read and write
9CC1000
trusted library allocation
page read and write
99EC000
trusted library allocation
page read and write
8A6E000
trusted library allocation
page read and write
99F0000
trusted library allocation
page execute and read and write
2CD7000
stack
page read and write
7FFB4AECB000
trusted library allocation
page read and write
D5F6DFD000
stack
page read and write
2B050B6D000
trusted library allocation
page read and write
2B067570000
heap
page read and write
9CF0000
trusted library allocation
page read and write
2B06766C000
heap
page read and write
765E000
stack
page read and write
2B067312000
heap
page read and write
30A7000
heap
page read and write
732A000
stack
page read and write
78D0000
heap
page execute and read and write
963E000
stack
page read and write
4F5E000
stack
page read and write
7FFB4B170000
trusted library allocation
page read and write
2B0676E1000
heap
page read and write
9B80000
trusted library allocation
page read and write
7FFB4B092000
trusted library allocation
page read and write
24F0000
heap
page read and write
32EA000
trusted library allocation
page execute and read and write
75DE000
stack
page read and write
32D0000
trusted library allocation
page read and write
5FE9000
trusted library allocation
page read and write
7FFB4B1C0000
trusted library allocation
page read and write
761F000
stack
page read and write
73ED000
stack
page read and write
2630000
heap
page execute and read and write
9DF0000
trusted library allocation
page read and write
2B067850000
heap
page read and write
99E6000
trusted library allocation
page read and write
79E0000
trusted library allocation
page read and write
D5F6BFE000
stack
page read and write
316D000
heap
page read and write
4C0000
heap
page read and write
19D000
stack
page read and write
701E000
stack
page read and write
D5F7C4F000
stack
page read and write
3280000
heap
page read and write
2B04ED40000
trusted library allocation
page read and write
448E000
heap
page read and write
308E000
heap
page read and write
71ED000
stack
page read and write
400000
unkown
page readonly
7FFB4B080000
trusted library allocation
page execute and read and write
7FE10000
direct allocation
page read and write
7FFB4B130000
trusted library allocation
page read and write
9CB0000
trusted library allocation
page read and write
32C3000
trusted library allocation
page execute and read and write
420000
heap
page read and write
327F000
stack
page read and write
7F148000
trusted library allocation
page execute and read and write
7A00000
trusted library allocation
page read and write
2B04D320000
heap
page read and write
4FC0000
heap
page execute and read and write
2B04ED90000
heap
page read and write
2B0676C9000
heap
page read and write
7AC0000
trusted library allocation
page read and write
D5F67EF000
stack
page read and write
628E000
heap
page read and write
4FE1000
trusted library allocation
page read and write
9C000
stack
page read and write
62E000
heap
page read and write
84B5000
stack
page read and write
709E000
stack
page read and write
7FFB4B0C0000
trusted library allocation
page read and write
613F000
trusted library allocation
page read and write
D5F6F79000
stack
page read and write
73AB000
stack
page read and write
32C0000
trusted library allocation
page read and write
7FFB4AF70000
trusted library allocation
page execute and read and write
2B067480000
heap
page execute and read and write
85AF000
stack
page read and write
4FC5000
heap
page execute and read and write
7FFB4B160000
trusted library allocation
page read and write
2B04F300000
heap
page execute and read and write
79DD000
stack
page read and write
2B050BA7000
trusted library allocation
page read and write
4E10000
trusted library allocation
page read and write
7FFB4B061000
trusted library allocation
page read and write
7FFB4B180000
trusted library allocation
page read and write
32F5000
trusted library allocation
page execute and read and write
9C9C000
trusted library allocation
page read and write
2B04F1A1000
heap
page read and write
D5F6CFE000
stack
page read and write
2B04F311000
trusted library allocation
page read and write
401000
unkown
page execute and read and write
6009000
trusted library allocation
page read and write
736E000
stack
page read and write
99E0000
trusted library allocation
page read and write
2DFF000
stack
page read and write
9B45000
trusted library allocation
page read and write
5FE1000
trusted library allocation
page read and write
2B0673CE000
heap
page read and write
856E000
stack
page read and write
7FFB4B0D0000
trusted library allocation
page read and write
98D1000
heap
page read and write
799E000
stack
page read and write
D5F6E76000
stack
page read and write
9836000
heap
page read and write
7A10000
trusted library allocation
page execute and read and write
9FC0000
heap
page read and write
401000
unkown
page execute read
8520000
heap
page read and write
2A7E000
stack
page read and write
97B8000
heap
page read and write
406000
unkown
page readonly
976D000
trusted library allocation
page read and write
2B05F4B4000
trusted library allocation
page read and write
7FFB4AF6C000
trusted library allocation
page execute and read and write
99D0000
trusted library allocation
page execute and read and write
8A6C000
trusted library allocation
page read and write
9CA0000
trusted library allocation
page execute and read and write
2A3F000
stack
page read and write
9D60000
trusted library allocation
page read and write
97F2000
heap
page read and write
7FFB4B1A0000
trusted library allocation
page read and write
2B04D3B0000
heap
page read and write
7FFB4AFD0000
trusted library allocation
page execute and read and write
78CB000
heap
page read and write
9DC1000
trusted library allocation
page read and write
2B04F39B000
trusted library allocation
page read and write
2B067547000
heap
page execute and read and write
2B04F541000
trusted library allocation
page read and write
2B04D31A000
heap
page read and write
4F0C000
stack
page read and write
7FFB4B200000
trusted library allocation
page read and write
7A90000
trusted library allocation
page read and write
2B04ED50000
heap
page readonly
4EC0000
heap
page read and write
2B05F494000
trusted library allocation
page read and write
4F10000
heap
page execute and read and write
7879000
heap
page read and write
D5F71FE000
stack
page read and write
283F000
stack
page read and write
7FFB4B110000
trusted library allocation
page read and write
96BE000
stack
page read and write
9D50000
trusted library allocation
page read and write
2B04D315000
heap
page read and write
726E000
stack
page read and write
D5F6C7B000
stack
page read and write
2B050EF4000
trusted library allocation
page read and write
9976000
heap
page read and write
7FFB4B070000
trusted library allocation
page execute and read and write
7A40000
trusted library allocation
page read and write
2B067650000
heap
page read and write
2633000
heap
page execute and read and write
85DF000
trusted library allocation
page read and write
7FFB4B190000
trusted library allocation
page read and write
24BF000
stack
page read and write
85F0000
heap
page read and write
6157000
trusted library allocation
page read and write
769E000
stack
page read and write
7A70000
trusted library allocation
page read and write
3070000
heap
page read and write
9D42000
direct allocation
page readonly
980C000
heap
page read and write
7B2C000
stack
page read and write
9CC4000
trusted library allocation
page read and write
6C8E000
heap
page read and write
7AA0000
trusted library allocation
page read and write
2B05F38B000
trusted library allocation
page read and write
D5F70FE000
stack
page read and write
309B000
heap
page read and write
7FFB4B06A000
trusted library allocation
page read and write
99C0000
trusted library allocation
page read and write
7FFB4B050000
trusted library allocation
page read and write
2B050C97000
trusted library allocation
page read and write
7FFB4B0E0000
trusted library allocation
page read and write
404000
unkown
page readonly
614B000
trusted library allocation
page read and write
96FE000
stack
page read and write
9E20000
trusted library allocation
page read and write
8500000
trusted library allocation
page read and write
7FDC0000
direct allocation
page execute and read and write
7A80000
trusted library allocation
page read and write
2B04D2B0000
heap
page read and write
9D80000
trusted library allocation
page read and write
97CC000
heap
page read and write
7FFB4B1F0000
trusted library allocation
page read and write
7FFB4B210000
trusted library allocation
page read and write
257E000
stack
page read and write
405000
unkown
page write copy
9E70000
heap
page execute and read and write
620000
heap
page read and write
4F60000
trusted library allocation
page execute and read and write
5135000
trusted library allocation
page read and write
9E6B000
stack
page read and write
32F0000
trusted library allocation
page read and write
3A8E000
heap
page read and write
2B04D2C0000
heap
page read and write
273F000
stack
page read and write
9D86000
trusted library allocation
page read and write
2BBE000
stack
page read and write
4E8E000
heap
page read and write
2DE0000
heap
page read and write
97BC000
heap
page read and write
2DDF000
unkown
page read and write
32CD000
trusted library allocation
page execute and read and write
85B0000
trusted library allocation
page execute and read and write
2B05F4CD000
trusted library allocation
page read and write
9CED000
trusted library allocation
page read and write
7DF480FD0000
trusted library allocation
page execute and read and write
4E9E000
stack
page read and write
2B04D280000
heap
page read and write
705E000
stack
page read and write
9D90000
trusted library allocation
page execute and read and write
9D37000
direct allocation
page readonly
9761000
trusted library allocation
page read and write
85D1000
trusted library allocation
page read and write
7AD0000
trusted library allocation
page read and write
32F2000
trusted library allocation
page read and write
6143000
trusted library allocation
page read and write
2B05F320000
trusted library allocation
page read and write
2B04D3F2000
heap
page read and write
51D2000
trusted library allocation
page read and write
77D0000
heap
page read and write
2B04EDE0000
heap
page read and write
9D8C000
trusted library allocation
page read and write
9B48000
trusted library allocation
page read and write
97C0000
heap
page read and write
D5F727B000
stack
page read and write
97C4000
heap
page read and write
5D0000
heap
page read and write
77F0000
heap
page read and write
742B000
stack
page read and write
2B04ED10000
trusted library allocation
page read and write
2B067550000
heap
page read and write
7FFB4AEBD000
trusted library allocation
page execute and read and write
400000
unkown
page readonly
722B000
stack
page read and write
77DE000
heap
page read and write
6002000
trusted library allocation
page read and write
84D0000
trusted library allocation
page read and write
305E000
stack
page read and write
D5F6AFE000
stack
page read and write
2B7F000
stack
page read and write
2B04D369000
heap
page read and write
2B05F50F000
trusted library allocation
page read and write
406000
unkown
page readonly
7A30000
trusted library allocation
page read and write
2B067310000
heap
page read and write
9CD0000
trusted library allocation
page execute and read and write
7A60000
trusted library allocation
page read and write
7FFB4B1E0000
trusted library allocation
page read and write
D5F707E000
stack
page read and write
3320000
heap
page read and write
2B05F33A000
trusted library allocation
page read and write
3307000
heap
page read and write
9E73000
heap
page execute and read and write
5E0000
direct allocation
page read and write
7FFB4B1B0000
trusted library allocation
page read and write
7FFB4B100000
trusted library allocation
page read and write
62A000
heap
page read and write
2B04D36E000
heap
page read and write
789B000
heap
page read and write
9CCA000
trusted library allocation
page read and write
2B04D3D6000
heap
page read and write
7FFB4B0B0000
trusted library allocation
page read and write
3078000
heap
page read and write
410000
heap
page read and write
2B05F37F000
trusted library allocation
page read and write
32C4000
trusted library allocation
page read and write
97B0000
heap
page read and write
2B0508B3000
trusted library allocation
page read and write
2D50000
heap
page read and write
D5F67A5000
stack
page read and write
404000
unkown
page readonly
588E000
heap
page read and write
7FFB4AF60000
trusted library allocation
page read and write
8510000
trusted library allocation
page read and write
9869000
heap
page read and write
503B000
trusted library allocation
page read and write
84C0000
trusted library allocation
page execute and read and write
2B04D3D8000
heap
page read and write
2B04D3D4000
heap
page read and write
2B04ED60000
trusted library allocation
page read and write
9DB0000
trusted library allocation
page execute and read and write
2B04D3D2000
heap
page read and write
25FE000
stack
page read and write
795E000
stack
page read and write
9D38000
direct allocation
page read and write
2B04D270000
heap
page read and write
5A0000
heap
page execute and read and write
3300000
heap
page read and write
253E000
stack
page read and write
There are 389 hidden memdumps, click here to show them.