Microsoft-Windows-Threat-Intelligence
34 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 1 | Analytic | |
| 2 | Analytic | |
| 3 | Analytic | |
| 4 | Analytic | |
| 5 | Analytic | |
| 6 | Analytic | |
| 7 | Analytic | |
| 8 | Analytic | |
| 11 | Analytic | |
| 12 | Analytic | |
| 13 | Analytic | |
| 14 | Analytic | |
| 15 | Analytic | |
| 16 | Analytic | |
| 17 | Analytic | |
| 18 | Analytic | |
| 19 | Analytic | |
| 20 | Analytic | |
| 21 | Analytic | |
| 22 | Analytic | |
| 23 | Analytic | |
| 24 | Analytic | |
| 25 | Analytic | |
| 26 | Analytic | |
| 27 | Analytic | |
| 28 | Analytic | |
| 29 | Analytic | |
| 30 | Analytic | |
| 31 | Analytic | |
| 32 | Analytic | |
| 33 | Analytic | |
| 34 | Analytic | |
| 35 | Analytic | |
| 36 | Analytic |
Event ID 1 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
OriginalProcessId | — |
OriginalProcessCreateTime | — |
OriginalProcessStartKey | — |
OriginalProcessSignatureLevel | — |
OriginalProcessSectionSignatureLevel | — |
OriginalProcessProtection | — |
BaseAddress | — |
RegionSize | — |
AllocationType | — |
ProtectionMask | — |
Event ID 2 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
OriginalProcessId | — |
OriginalProcessCreateTime | — |
OriginalProcessStartKey | — |
OriginalProcessSignatureLevel | — |
OriginalProcessSectionSignatureLevel | — |
OriginalProcessProtection | — |
BaseAddress | — |
RegionSize | — |
ProtectionMask | — |
LastProtectionMask | — |
VaVadQueryResult | — |
VaVadAllocationBase | — |
VaVadAllocationProtect | — |
VaVadRegionType | — |
VaVadRegionSize | — |
VaVadCommitSize | — |
VaVadMmfName | — |
TargetAddress | — |
FullRegionSize | — |
Event ID 3 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
BaseAddress | — |
ViewSize | — |
AllocationType | — |
ProtectionMask | — |
Event ID 4 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
TargetThreadId | — |
TargetThreadCreateTime | — |
OriginalProcessId | — |
OriginalProcessCreateTime | — |
OriginalProcessStartKey | — |
OriginalProcessSignatureLevel | — |
OriginalProcessSectionSignatureLevel | — |
OriginalProcessProtection | — |
TargetThreadAlertable | — |
ApcRoutine | — |
ApcArgument1 | — |
ApcArgument2 | — |
ApcArgument3 | — |
RealEventTime | — |
ApcRoutineVadQueryResult | — |
ApcRoutineVadAllocationBase | — |
ApcRoutineVadAllocationProtect | — |
ApcRoutineVadRegionType | — |
ApcRoutineVadRegionSize | — |
ApcRoutineVadCommitSize | — |
ApcRoutineVadMmfName | — |
ApcArgument1VadQueryResult | — |
ApcArgument1VadAllocationBase | — |
ApcArgument1VadAllocationProtect | — |
ApcArgument1VadRegionType | — |
ApcArgument1VadRegionSize | — |
ApcArgument1VadCommitSize | — |
ApcArgument1VadMmfName | — |
Event ID 5 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
TargetThreadId | — |
TargetThreadCreateTime | — |
ContextFlags | — |
ContextMask | — |
Pc | — |
Sp | — |
Lr | — |
Fp | — |
Reg0 | — |
Reg1 | — |
Reg2 | — |
Reg3 | — |
Reg4 | — |
Reg5 | — |
Reg6 | — |
Reg7 | — |
RealEventTime | — |
PcVadQueryResult | — |
PcVadAllocationBase | — |
PcVadAllocationProtect | — |
PcVadRegionType | — |
PcVadRegionSize | — |
PcVadCommitSize | — |
PcVadMmfName | — |
Event ID 6 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
OriginalProcessId | — |
OriginalProcessCreateTime | — |
OriginalProcessStartKey | — |
OriginalProcessSignatureLevel | — |
OriginalProcessSectionSignatureLevel | — |
OriginalProcessProtection | — |
BaseAddress | — |
RegionSize | — |
AllocationType | — |
ProtectionMask | — |
Event ID 7 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
OriginalProcessId | — |
OriginalProcessCreateTime | — |
OriginalProcessStartKey | — |
OriginalProcessSignatureLevel | — |
OriginalProcessSectionSignatureLevel | — |
OriginalProcessProtection | — |
BaseAddress | — |
RegionSize | — |
ProtectionMask | — |
LastProtectionMask | — |
VaVadQueryResult | — |
VaVadAllocationBase | — |
VaVadAllocationProtect | — |
VaVadRegionType | — |
VaVadRegionSize | — |
VaVadCommitSize | — |
VaVadMmfName | — |
TargetAddress | — |
FullRegionSize | — |
Event ID 8 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
BaseAddress | — |
ViewSize | — |
AllocationType | — |
ProtectionMask | — |
Event ID 11 —
Fields
| Name | Description |
|---|---|
OperationStatus | — |
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
BaseAddress | — |
BytesCopied | — |
VaVadQueryResult | — |
VaVadAllocationBase | — |
VaVadAllocationProtect | — |
VaVadRegionType | — |
VaVadRegionSize | — |
VaVadCommitSize | — |
VaVadMmfName | — |
Event ID 12 —
Fields
| Name | Description |
|---|---|
OperationStatus | — |
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
BaseAddress | — |
BytesCopied | — |
VaVadQueryResult | — |
VaVadAllocationBase | — |
VaVadAllocationProtect | — |
VaVadRegionType | — |
VaVadRegionSize | — |
VaVadCommitSize | — |
VaVadMmfName | — |
Event ID 13 —
Fields
| Name | Description |
|---|---|
OperationStatus | — |
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
BaseAddress | — |
BytesCopied | — |
VaVadQueryResult | — |
VaVadAllocationBase | — |
VaVadAllocationProtect | — |
VaVadRegionType | — |
VaVadRegionSize | — |
VaVadCommitSize | — |
VaVadMmfName | — |
Event ID 14 —
Fields
| Name | Description |
|---|---|
OperationStatus | — |
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
BaseAddress | — |
BytesCopied | — |
VaVadQueryResult | — |
VaVadAllocationBase | — |
VaVadAllocationProtect | — |
VaVadRegionType | — |
VaVadRegionSize | — |
VaVadCommitSize | — |
VaVadMmfName | — |
Event ID 15 —
Fields
| Name | Description |
|---|---|
OperationStatus | — |
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
TargetThreadId | — |
TargetThreadCreateTime | — |
Event ID 16 —
Fields
| Name | Description |
|---|---|
OperationStatus | — |
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
TargetThreadId | — |
TargetThreadCreateTime | — |
Event ID 17 —
Fields
| Name | Description |
|---|---|
OperationStatus | — |
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
Event ID 18 —
Fields
| Name | Description |
|---|---|
OperationStatus | — |
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
Event ID 19 —
Fields
| Name | Description |
|---|---|
OperationStatus | — |
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
Event ID 20 —
Fields
| Name | Description |
|---|---|
OperationStatus | — |
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
Event ID 21 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
OriginalProcessId | — |
OriginalProcessCreateTime | — |
OriginalProcessStartKey | — |
OriginalProcessSignatureLevel | — |
OriginalProcessSectionSignatureLevel | — |
OriginalProcessProtection | — |
BaseAddress | — |
RegionSize | — |
AllocationType | — |
ProtectionMask | — |
Event ID 22 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
OriginalProcessId | — |
OriginalProcessCreateTime | — |
OriginalProcessStartKey | — |
OriginalProcessSignatureLevel | — |
OriginalProcessSectionSignatureLevel | — |
OriginalProcessProtection | — |
BaseAddress | — |
RegionSize | — |
ProtectionMask | — |
LastProtectionMask | — |
VaVadQueryResult | — |
VaVadAllocationBase | — |
VaVadAllocationProtect | — |
VaVadRegionType | — |
VaVadRegionSize | — |
VaVadCommitSize | — |
VaVadMmfName | — |
TargetAddress | — |
FullRegionSize | — |
Event ID 23 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
BaseAddress | — |
ViewSize | — |
AllocationType | — |
ProtectionMask | — |
Event ID 24 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
TargetThreadId | — |
TargetThreadCreateTime | — |
OriginalProcessId | — |
OriginalProcessCreateTime | — |
OriginalProcessStartKey | — |
OriginalProcessSignatureLevel | — |
OriginalProcessSectionSignatureLevel | — |
OriginalProcessProtection | — |
TargetThreadAlertable | — |
ApcRoutine | — |
ApcArgument1 | — |
ApcArgument2 | — |
ApcArgument3 | — |
RealEventTime | — |
ApcRoutineVadQueryResult | — |
ApcRoutineVadAllocationBase | — |
ApcRoutineVadAllocationProtect | — |
ApcRoutineVadRegionType | — |
ApcRoutineVadRegionSize | — |
ApcRoutineVadCommitSize | — |
ApcRoutineVadMmfName | — |
ApcArgument1VadQueryResult | — |
ApcArgument1VadAllocationBase | — |
ApcArgument1VadAllocationProtect | — |
ApcArgument1VadRegionType | — |
ApcArgument1VadRegionSize | — |
ApcArgument1VadCommitSize | — |
ApcArgument1VadMmfName | — |
Event ID 25 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
TargetThreadId | — |
TargetThreadCreateTime | — |
ContextFlags | — |
ContextMask | — |
Pc | — |
Sp | — |
Lr | — |
Fp | — |
Reg0 | — |
Reg1 | — |
Reg2 | — |
Reg3 | — |
Reg4 | — |
Reg5 | — |
Reg6 | — |
Reg7 | — |
RealEventTime | — |
PcVadQueryResult | — |
PcVadAllocationBase | — |
PcVadAllocationProtect | — |
PcVadRegionType | — |
PcVadRegionSize | — |
PcVadCommitSize | — |
PcVadMmfName | — |
Event ID 26 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
OriginalProcessId | — |
OriginalProcessCreateTime | — |
OriginalProcessStartKey | — |
OriginalProcessSignatureLevel | — |
OriginalProcessSectionSignatureLevel | — |
OriginalProcessProtection | — |
BaseAddress | — |
RegionSize | — |
AllocationType | — |
ProtectionMask | — |
Event ID 27 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
OriginalProcessId | — |
OriginalProcessCreateTime | — |
OriginalProcessStartKey | — |
OriginalProcessSignatureLevel | — |
OriginalProcessSectionSignatureLevel | — |
OriginalProcessProtection | — |
BaseAddress | — |
RegionSize | — |
ProtectionMask | — |
LastProtectionMask | — |
VaVadQueryResult | — |
VaVadAllocationBase | — |
VaVadAllocationProtect | — |
VaVadRegionType | — |
VaVadRegionSize | — |
VaVadCommitSize | — |
VaVadMmfName | — |
TargetAddress | — |
FullRegionSize | — |
Event ID 28 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
TargetProcessId | — |
TargetProcessCreateTime | — |
TargetProcessStartKey | — |
TargetProcessSignatureLevel | — |
TargetProcessSectionSignatureLevel | — |
TargetProcessProtection | — |
BaseAddress | — |
ViewSize | — |
AllocationType | — |
ProtectionMask | — |
Event ID 29 —
Fields
| Name | Description |
|---|---|
DriverNameLength | — |
DriverName | — |
CodeIntegrityOption | — |
Event ID 30 —
Fields
| Name | Description |
|---|---|
DriverNameLength | — |
DriverName | — |
Event ID 31 —
Fields
| Name | Description |
|---|---|
DriverNameLength | — |
DriverName | — |
DeviceNameLength | — |
DeviceName | — |
Event ID 32 —
Fields
| Name | Description |
|---|---|
DriverNameLength | — |
DriverName | — |
DeviceNameLength | — |
DeviceName | — |
Event ID 33 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
PreviousTokenQueryResult | — |
PreviousTokenType | — |
PreviousTokenElevation | — |
PreviousTokenElevationType | — |
PreviousTokenImpersonationLevel | — |
PreviousTokenUser | — |
PreviousTokenTrustLevelCount | — |
PreviousTokenTrustLevel | — |
PreviousTokenIntegrityLevel | — |
PreviousTokenSessionId | — |
PreviousTokenLowBoxNumber | — |
PreviousTokenAuthenticationId | — |
PreviousTokenGroupsCount | — |
PreviousTokenGroups | — |
CurrentTokenQueryResult | — |
CurrentTokenType | — |
CurrentTokenElevation | — |
CurrentTokenElevationType | — |
CurrentTokenImpersonationLevel | — |
CurrentTokenUser | — |
CurrentTokenTrustLevelCount | — |
CurrentTokenTrustLevel | — |
CurrentTokenIntegrityLevel | — |
CurrentTokenSessionId | — |
CurrentTokenLowBoxNumber | — |
CurrentTokenAuthenticationId | — |
CurrentTokenGroupsCount | — |
CurrentTokenGroups | — |
Event ID 34 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
Event ID 35 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
SessionId | — |
SyscallEnum | — |
IsSandboxedToken | — |
Event ID 36 —
Fields
| Name | Description |
|---|---|
CallingProcessId | — |
CallingProcessCreateTime | — |
CallingProcessStartKey | — |
CallingProcessSignatureLevel | — |
CallingProcessSectionSignatureLevel | — |
CallingProcessProtection | — |
CallingThreadId | — |
CallingThreadCreateTime | — |
PreviousTokenQueryResult | — |
PreviousTokenType | — |
PreviousTokenElevation | — |
PreviousTokenElevationType | — |
PreviousTokenImpersonationLevel | — |
PreviousTokenUser | — |
PreviousTokenTrustLevelCount | — |
PreviousTokenTrustLevel | — |
PreviousTokenIntegrityLevel | — |
PreviousTokenSessionId | — |
PreviousTokenLowBoxNumber | — |
PreviousTokenAuthenticationId | — |
PreviousTokenGroupsCount | — |
PreviousTokenGroups | — |
CurrentTokenQueryResult | — |
CurrentTokenType | — |
CurrentTokenElevation | — |
CurrentTokenElevationType | — |
CurrentTokenImpersonationLevel | — |
CurrentTokenUser | — |
CurrentTokenTrustLevelCount | — |
CurrentTokenTrustLevel | — |
CurrentTokenIntegrityLevel | — |
CurrentTokenSessionId | — |
CurrentTokenLowBoxNumber | — |
CurrentTokenAuthenticationId | — |
CurrentTokenGroupsCount | — |
CurrentTokenGroups | — |