Microsoft-Windows-Threat-Intelligence
34 events across 1 channel
Event ID 1 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
OriginalProcessId UInt32 | — |
OriginalProcessCreateTime FILETIME | — |
OriginalProcessStartKey UInt64 | — |
OriginalProcessSignatureLevel UInt8 | — |
OriginalProcessSectionSignatureLevel UInt8 | — |
OriginalProcessProtection UInt8 | — |
BaseAddress Pointer | — |
RegionSize Pointer | — |
AllocationType UInt32 | — |
ProtectionMask UInt32 | — |
Event ID 2 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
OriginalProcessId UInt32 | — |
OriginalProcessCreateTime FILETIME | — |
OriginalProcessStartKey UInt64 | — |
OriginalProcessSignatureLevel UInt8 | — |
OriginalProcessSectionSignatureLevel UInt8 | — |
OriginalProcessProtection UInt8 | — |
BaseAddress Pointer | — |
RegionSize UInt64 | — |
ProtectionMask UInt32 | — |
LastProtectionMask UInt32 | — |
VaVadQueryResult UInt32 | — |
VaVadAllocationBase Pointer | — |
VaVadAllocationProtect UInt32 | — |
VaVadRegionType UInt32 | — |
VaVadRegionSize Pointer | — |
VaVadCommitSize Pointer | — |
VaVadMmfName UnicodeString | — |
TargetAddress Pointer | — |
FullRegionSize UInt64 | — |
Event ID 3 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
BaseAddress Pointer | — |
ViewSize Pointer | — |
AllocationType UInt32 | — |
ProtectionMask UInt32 | — |
Event ID 4 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
TargetThreadId UInt32 | — |
TargetThreadCreateTime FILETIME | — |
OriginalProcessId UInt32 | — |
OriginalProcessCreateTime FILETIME | — |
OriginalProcessStartKey UInt64 | — |
OriginalProcessSignatureLevel UInt8 | — |
OriginalProcessSectionSignatureLevel UInt8 | — |
OriginalProcessProtection UInt8 | — |
TargetThreadAlertable UInt8 | — |
ApcRoutine Pointer | — |
ApcArgument1 Pointer | — |
ApcArgument2 Pointer | — |
ApcArgument3 Pointer | — |
RealEventTime FILETIME | — |
ApcRoutineVadQueryResult UInt32 | — |
ApcRoutineVadAllocationBase Pointer | — |
ApcRoutineVadAllocationProtect UInt32 | — |
ApcRoutineVadRegionType UInt32 | — |
ApcRoutineVadRegionSize Pointer | — |
ApcRoutineVadCommitSize Pointer | — |
ApcRoutineVadMmfName UnicodeString | — |
ApcArgument1VadQueryResult UInt32 | — |
ApcArgument1VadAllocationBase Pointer | — |
ApcArgument1VadAllocationProtect UInt32 | — |
ApcArgument1VadRegionType UInt32 | — |
ApcArgument1VadRegionSize Pointer | — |
ApcArgument1VadCommitSize Pointer | — |
ApcArgument1VadMmfName UnicodeString | — |
Event ID 5 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
TargetThreadId UInt32 | — |
TargetThreadCreateTime FILETIME | — |
ContextFlags UInt32 | — |
ContextMask UInt16 | — |
Pc Pointer | — |
Sp Pointer | — |
Lr Pointer | — |
Fp Pointer | — |
Reg0 Pointer | — |
Reg1 Pointer | — |
Reg2 Pointer | — |
Reg3 Pointer | — |
Reg4 Pointer | — |
Reg5 Pointer | — |
Reg6 Pointer | — |
Reg7 Pointer | — |
RealEventTime FILETIME | — |
PcVadQueryResult UInt32 | — |
PcVadAllocationBase Pointer | — |
PcVadAllocationProtect UInt32 | — |
PcVadRegionType UInt32 | — |
PcVadRegionSize Pointer | — |
PcVadCommitSize Pointer | — |
PcVadMmfName UnicodeString | — |
Event ID 6 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
OriginalProcessId UInt32 | — |
OriginalProcessCreateTime FILETIME | — |
OriginalProcessStartKey UInt64 | — |
OriginalProcessSignatureLevel UInt8 | — |
OriginalProcessSectionSignatureLevel UInt8 | — |
OriginalProcessProtection UInt8 | — |
BaseAddress Pointer | — |
RegionSize Pointer | — |
AllocationType UInt32 | — |
ProtectionMask UInt32 | — |
Event ID 7 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
OriginalProcessId UInt32 | — |
OriginalProcessCreateTime FILETIME | — |
OriginalProcessStartKey UInt64 | — |
OriginalProcessSignatureLevel UInt8 | — |
OriginalProcessSectionSignatureLevel UInt8 | — |
OriginalProcessProtection UInt8 | — |
BaseAddress Pointer | — |
RegionSize UInt64 | — |
ProtectionMask UInt32 | — |
LastProtectionMask UInt32 | — |
VaVadQueryResult UInt32 | — |
VaVadAllocationBase Pointer | — |
VaVadAllocationProtect UInt32 | — |
VaVadRegionType UInt32 | — |
VaVadRegionSize Pointer | — |
VaVadCommitSize Pointer | — |
VaVadMmfName UnicodeString | — |
TargetAddress Pointer | — |
FullRegionSize UInt64 | — |
Event ID 8 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
BaseAddress Pointer | — |
ViewSize Pointer | — |
AllocationType UInt32 | — |
ProtectionMask UInt32 | — |
Event ID 11 —
Fields
| Name | Description |
|---|---|
OperationStatus UInt32 | — |
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
BaseAddress Pointer | — |
BytesCopied Pointer | — |
VaVadQueryResult UInt32 | — |
VaVadAllocationBase Pointer | — |
VaVadAllocationProtect UInt32 | — |
VaVadRegionType UInt32 | — |
VaVadRegionSize Pointer | — |
VaVadCommitSize Pointer | — |
VaVadMmfName UnicodeString | — |
Event ID 12 —
Fields
| Name | Description |
|---|---|
OperationStatus UInt32 | — |
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
BaseAddress Pointer | — |
BytesCopied Pointer | — |
VaVadQueryResult UInt32 | — |
VaVadAllocationBase Pointer | — |
VaVadAllocationProtect UInt32 | — |
VaVadRegionType UInt32 | — |
VaVadRegionSize Pointer | — |
VaVadCommitSize Pointer | — |
VaVadMmfName UnicodeString | — |
Event ID 13 —
Fields
| Name | Description |
|---|---|
OperationStatus UInt32 | — |
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
BaseAddress Pointer | — |
BytesCopied Pointer | — |
VaVadQueryResult UInt32 | — |
VaVadAllocationBase Pointer | — |
VaVadAllocationProtect UInt32 | — |
VaVadRegionType UInt32 | — |
VaVadRegionSize Pointer | — |
VaVadCommitSize Pointer | — |
VaVadMmfName UnicodeString | — |
Event ID 14 —
Fields
| Name | Description |
|---|---|
OperationStatus UInt32 | — |
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
BaseAddress Pointer | — |
BytesCopied Pointer | — |
VaVadQueryResult UInt32 | — |
VaVadAllocationBase Pointer | — |
VaVadAllocationProtect UInt32 | — |
VaVadRegionType UInt32 | — |
VaVadRegionSize Pointer | — |
VaVadCommitSize Pointer | — |
VaVadMmfName UnicodeString | — |
Event ID 15 —
Fields
| Name | Description |
|---|---|
OperationStatus UInt32 | — |
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
TargetThreadId UInt32 | — |
TargetThreadCreateTime FILETIME | — |
Event ID 16 —
Fields
| Name | Description |
|---|---|
OperationStatus UInt32 | — |
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
TargetThreadId UInt32 | — |
TargetThreadCreateTime FILETIME | — |
Event ID 17 —
Fields
| Name | Description |
|---|---|
OperationStatus UInt32 | — |
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
Event ID 18 —
Fields
| Name | Description |
|---|---|
OperationStatus UInt32 | — |
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
Event ID 19 —
Fields
| Name | Description |
|---|---|
OperationStatus UInt32 | — |
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
Event ID 20 —
Fields
| Name | Description |
|---|---|
OperationStatus UInt32 | — |
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
Event ID 21 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
OriginalProcessId UInt32 | — |
OriginalProcessCreateTime FILETIME | — |
OriginalProcessStartKey UInt64 | — |
OriginalProcessSignatureLevel UInt8 | — |
OriginalProcessSectionSignatureLevel UInt8 | — |
OriginalProcessProtection UInt8 | — |
BaseAddress Pointer | — |
RegionSize Pointer | — |
AllocationType UInt32 | — |
ProtectionMask UInt32 | — |
Event ID 22 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
OriginalProcessId UInt32 | — |
OriginalProcessCreateTime FILETIME | — |
OriginalProcessStartKey UInt64 | — |
OriginalProcessSignatureLevel UInt8 | — |
OriginalProcessSectionSignatureLevel UInt8 | — |
OriginalProcessProtection UInt8 | — |
BaseAddress Pointer | — |
RegionSize UInt64 | — |
ProtectionMask UInt32 | — |
LastProtectionMask UInt32 | — |
VaVadQueryResult UInt32 | — |
VaVadAllocationBase Pointer | — |
VaVadAllocationProtect UInt32 | — |
VaVadRegionType UInt32 | — |
VaVadRegionSize Pointer | — |
VaVadCommitSize Pointer | — |
VaVadMmfName UnicodeString | — |
TargetAddress Pointer | — |
FullRegionSize UInt64 | — |
Event ID 23 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
BaseAddress Pointer | — |
ViewSize Pointer | — |
AllocationType UInt32 | — |
ProtectionMask UInt32 | — |
Event ID 24 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
TargetThreadId UInt32 | — |
TargetThreadCreateTime FILETIME | — |
OriginalProcessId UInt32 | — |
OriginalProcessCreateTime FILETIME | — |
OriginalProcessStartKey UInt64 | — |
OriginalProcessSignatureLevel UInt8 | — |
OriginalProcessSectionSignatureLevel UInt8 | — |
OriginalProcessProtection UInt8 | — |
TargetThreadAlertable UInt8 | — |
ApcRoutine Pointer | — |
ApcArgument1 Pointer | — |
ApcArgument2 Pointer | — |
ApcArgument3 Pointer | — |
RealEventTime FILETIME | — |
ApcRoutineVadQueryResult UInt32 | — |
ApcRoutineVadAllocationBase Pointer | — |
ApcRoutineVadAllocationProtect UInt32 | — |
ApcRoutineVadRegionType UInt32 | — |
ApcRoutineVadRegionSize Pointer | — |
ApcRoutineVadCommitSize Pointer | — |
ApcRoutineVadMmfName UnicodeString | — |
ApcArgument1VadQueryResult UInt32 | — |
ApcArgument1VadAllocationBase Pointer | — |
ApcArgument1VadAllocationProtect UInt32 | — |
ApcArgument1VadRegionType UInt32 | — |
ApcArgument1VadRegionSize Pointer | — |
ApcArgument1VadCommitSize Pointer | — |
ApcArgument1VadMmfName UnicodeString | — |
Event ID 25 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
TargetThreadId UInt32 | — |
TargetThreadCreateTime FILETIME | — |
ContextFlags UInt32 | — |
ContextMask UInt16 | — |
Pc Pointer | — |
Sp Pointer | — |
Lr Pointer | — |
Fp Pointer | — |
Reg0 Pointer | — |
Reg1 Pointer | — |
Reg2 Pointer | — |
Reg3 Pointer | — |
Reg4 Pointer | — |
Reg5 Pointer | — |
Reg6 Pointer | — |
Reg7 Pointer | — |
RealEventTime FILETIME | — |
PcVadQueryResult UInt32 | — |
PcVadAllocationBase Pointer | — |
PcVadAllocationProtect UInt32 | — |
PcVadRegionType UInt32 | — |
PcVadRegionSize Pointer | — |
PcVadCommitSize Pointer | — |
PcVadMmfName UnicodeString | — |
Event ID 26 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
OriginalProcessId UInt32 | — |
OriginalProcessCreateTime FILETIME | — |
OriginalProcessStartKey UInt64 | — |
OriginalProcessSignatureLevel UInt8 | — |
OriginalProcessSectionSignatureLevel UInt8 | — |
OriginalProcessProtection UInt8 | — |
BaseAddress Pointer | — |
RegionSize Pointer | — |
AllocationType UInt32 | — |
ProtectionMask UInt32 | — |
Event ID 27 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
OriginalProcessId UInt32 | — |
OriginalProcessCreateTime FILETIME | — |
OriginalProcessStartKey UInt64 | — |
OriginalProcessSignatureLevel UInt8 | — |
OriginalProcessSectionSignatureLevel UInt8 | — |
OriginalProcessProtection UInt8 | — |
BaseAddress Pointer | — |
RegionSize UInt64 | — |
ProtectionMask UInt32 | — |
LastProtectionMask UInt32 | — |
VaVadQueryResult UInt32 | — |
VaVadAllocationBase Pointer | — |
VaVadAllocationProtect UInt32 | — |
VaVadRegionType UInt32 | — |
VaVadRegionSize Pointer | — |
VaVadCommitSize Pointer | — |
VaVadMmfName UnicodeString | — |
TargetAddress Pointer | — |
FullRegionSize UInt64 | — |
Event ID 28 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
TargetProcessId UInt32 | — |
TargetProcessCreateTime FILETIME | — |
TargetProcessStartKey UInt64 | — |
TargetProcessSignatureLevel UInt8 | — |
TargetProcessSectionSignatureLevel UInt8 | — |
TargetProcessProtection UInt8 | — |
BaseAddress Pointer | — |
ViewSize Pointer | — |
AllocationType UInt32 | — |
ProtectionMask UInt32 | — |
Event ID 29 —
Fields
| Name | Description |
|---|---|
DriverNameLength UInt16 | — |
DriverName UnicodeString | — |
CodeIntegrityOption UInt32 | — |
Event ID 30 —
Fields
| Name | Description |
|---|---|
DriverNameLength UInt16 | — |
DriverName UnicodeString | — |
Event ID 31 —
Fields
| Name | Description |
|---|---|
DriverNameLength UInt16 | — |
DriverName UnicodeString | — |
DeviceNameLength UInt16 | — |
DeviceName UnicodeString | — |
Event ID 32 —
Fields
| Name | Description |
|---|---|
DriverNameLength UInt16 | — |
DriverName UnicodeString | — |
DeviceNameLength UInt16 | — |
DeviceName UnicodeString | — |
Event ID 33 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
PreviousTokenQueryResult UInt32 | — |
PreviousTokenType UInt32 | — |
PreviousTokenElevation UInt32 | — |
PreviousTokenElevationType UInt32 | — |
PreviousTokenImpersonationLevel UInt32 | — |
PreviousTokenUser SID | — |
PreviousTokenTrustLevelCount UInt32 | — |
PreviousTokenTrustLevel 36 | — |
PreviousTokenIntegrityLevel UInt32 | — |
PreviousTokenSessionId UInt32 | — |
PreviousTokenLowBoxNumber UInt32 | — |
PreviousTokenAuthenticationId HexInt64 | — |
PreviousTokenGroupsCount UInt32 | — |
PreviousTokenGroups 37 | — |
CurrentTokenQueryResult UInt32 | — |
CurrentTokenType UInt32 | — |
CurrentTokenElevation UInt32 | — |
CurrentTokenElevationType UInt32 | — |
CurrentTokenImpersonationLevel UInt32 | — |
CurrentTokenUser SID | — |
CurrentTokenTrustLevelCount UInt32 | — |
CurrentTokenTrustLevel 39 | — |
CurrentTokenIntegrityLevel UInt32 | — |
CurrentTokenSessionId UInt32 | — |
CurrentTokenLowBoxNumber UInt32 | — |
CurrentTokenAuthenticationId HexInt64 | — |
CurrentTokenGroupsCount UInt32 | — |
CurrentTokenGroups 40 | — |
Event ID 34 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
Event ID 35 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
SessionId UInt32 | — |
SyscallEnum UInt32 | — |
IsSandboxedToken Boolean | — |
Event ID 36 —
Fields
| Name | Description |
|---|---|
CallingProcessId UInt32 | — |
CallingProcessCreateTime FILETIME | — |
CallingProcessStartKey UInt64 | — |
CallingProcessSignatureLevel UInt8 | — |
CallingProcessSectionSignatureLevel UInt8 | — |
CallingProcessProtection UInt8 | — |
CallingThreadId UInt32 | — |
CallingThreadCreateTime FILETIME | — |
PreviousTokenQueryResult UInt32 | — |
PreviousTokenType UInt32 | — |
PreviousTokenElevation UInt32 | — |
PreviousTokenElevationType UInt32 | — |
PreviousTokenImpersonationLevel UInt32 | — |
PreviousTokenUser SID | — |
PreviousTokenTrustLevelCount UInt32 | — |
PreviousTokenTrustLevel 36 | — |
PreviousTokenIntegrityLevel UInt32 | — |
PreviousTokenSessionId UInt32 | — |
PreviousTokenLowBoxNumber UInt32 | — |
PreviousTokenAuthenticationId HexInt64 | — |
PreviousTokenGroupsCount UInt32 | — |
PreviousTokenGroups 37 | — |
CurrentTokenQueryResult UInt32 | — |
CurrentTokenType UInt32 | — |
CurrentTokenElevation UInt32 | — |
CurrentTokenElevationType UInt32 | — |
CurrentTokenImpersonationLevel UInt32 | — |
CurrentTokenUser SID | — |
CurrentTokenTrustLevelCount UInt32 | — |
CurrentTokenTrustLevel 39 | — |
CurrentTokenIntegrityLevel UInt32 | — |
CurrentTokenSessionId UInt32 | — |
CurrentTokenLowBoxNumber UInt32 | — |
CurrentTokenAuthenticationId HexInt64 | — |
CurrentTokenGroupsCount UInt32 | — |
CurrentTokenGroups 40 | — |