Microsoft-Windows-Threat-Intelligence {F4E1897C-BB5D-5668-F1D8-040F4D8DD344} %SystemRoot%\system32\Microsoft-Windows-System-Events.dll %SystemRoot%\system32\Microsoft-Windows-System-Events.dll Microsoft-Windows-Threat-Intelligence Microsoft-Windows-Threat-Intelligence/Analytic 0 16 false Information win:Informational 4 KERNEL_THREATINT_TASK_ALLOCVM 1 KERNEL_THREATINT_TASK_PROTECTVM 2 KERNEL_THREATINT_TASK_MAPVIEW 3 KERNEL_THREATINT_TASK_QUEUEUSERAPC 4 KERNEL_THREATINT_TASK_SETTHREADCONTEXT 5 KERNEL_THREATINT_TASK_READVM 6 KERNEL_THREATINT_TASK_WRITEVM 7 KERNEL_THREATINT_TASK_SUSPENDRESUME_THREAD 8 KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS 9 KERNEL_THREATINT_TASK_DRIVER_DEVICE 10 KERNEL_THREATINT_PROCESS_IMPERSONATION_UP 11 KERNEL_THREATINT_PROCESS_IMPERSONATION_REVERT 12 KERNEL_THREATINT_PROCESS_SYSCALL_USAGE 13 KERNEL_THREATINT_PROCESS_IMPERSONATION_DOWN 14 KERNEL_THREATINT_KEYWORD_ALLOCVM_LOCAL 1 KERNEL_THREATINT_KEYWORD_ALLOCVM_LOCAL_KERNEL_CALLER 2 KERNEL_THREATINT_KEYWORD_ALLOCVM_REMOTE 4 KERNEL_THREATINT_KEYWORD_ALLOCVM_REMOTE_KERNEL_CALLER 8 KERNEL_THREATINT_KEYWORD_PROTECTVM_LOCAL 16 KERNEL_THREATINT_KEYWORD_PROTECTVM_LOCAL_KERNEL_CALLER 32 KERNEL_THREATINT_KEYWORD_PROTECTVM_REMOTE 64 KERNEL_THREATINT_KEYWORD_PROTECTVM_REMOTE_KERNEL_CALLER 128 KERNEL_THREATINT_KEYWORD_MAPVIEW_LOCAL 256 KERNEL_THREATINT_KEYWORD_MAPVIEW_LOCAL_KERNEL_CALLER 512 KERNEL_THREATINT_KEYWORD_MAPVIEW_REMOTE 1024 KERNEL_THREATINT_KEYWORD_MAPVIEW_REMOTE_KERNEL_CALLER 2048 KERNEL_THREATINT_KEYWORD_QUEUEUSERAPC_REMOTE 4096 KERNEL_THREATINT_KEYWORD_QUEUEUSERAPC_REMOTE_KERNEL_CALLER 8192 KERNEL_THREATINT_KEYWORD_SETTHREADCONTEXT_REMOTE 16384 KERNEL_THREATINT_KEYWORD_SETTHREADCONTEXT_REMOTE_KERNEL_CALLER 32768 KERNEL_THREATINT_KEYWORD_READVM_LOCAL 65536 KERNEL_THREATINT_KEYWORD_READVM_REMOTE 131072 KERNEL_THREATINT_KEYWORD_WRITEVM_LOCAL 262144 KERNEL_THREATINT_KEYWORD_WRITEVM_REMOTE 524288 KERNEL_THREATINT_KEYWORD_SUSPEND_THREAD 1048576 KERNEL_THREATINT_KEYWORD_RESUME_THREAD 2097152 KERNEL_THREATINT_KEYWORD_SUSPEND_PROCESS 4194304 KERNEL_THREATINT_KEYWORD_RESUME_PROCESS 8388608 KERNEL_THREATINT_KEYWORD_FREEZE_PROCESS 16777216 KERNEL_THREATINT_KEYWORD_THAW_PROCESS 33554432 KERNEL_THREATINT_KEYWORD_CONTEXT_PARSE 67108864 KERNEL_THREATINT_KEYWORD_EXECUTION_ADDRESS_VAD_PROBE 134217728 KERNEL_THREATINT_KEYWORD_EXECUTION_ADDRESS_MMF_NAME_PROBE 268435456 KERNEL_THREATINT_KEYWORD_READWRITEVM_NO_SIGNATURE_RESTRICTION 536870912 KERNEL_THREATINT_KEYWORD_DRIVER_EVENTS 1073741824 KERNEL_THREATINT_KEYWORD_DEVICE_EVENTS 2147483648 KERNEL_THREATINT_KEYWORD_READVM_REMOTE_FILL_VAD 4294967296 KERNEL_THREATINT_KEYWORD_WRITEVM_REMOTE_FILL_VAD 8589934592 KERNEL_THREATINT_KEYWORD_PROTECTVM_LOCAL_FILL_VAD 17179869184 KERNEL_THREATINT_KEYWORD_PROTECTVM_LOCAL_KERNEL_CALLER_FILL_VAD 34359738368 KERNEL_THREATINT_KEYWORD_PROTECTVM_REMOTE_FILL_VAD 68719476736 KERNEL_THREATINT_KEYWORD_PROTECTVM_REMOTE_KERNEL_CALLER_FILL_VAD 137438953472 KERNEL_THREATINT_KEYWORD_PROCESS_IMPERSONATION_UP 274877906944 KERNEL_THREATINT_KEYWORD_PROCESS_IMPERSONATION_REVERT 549755813888 KERNEL_THREATINT_KEYWORD_PROCESS_SYSCALL_USAGE 1099511627776 KERNEL_THREATINT_KEYWORD_QUEUEUSERAPC_AT_DPC 2199023255552 KERNEL_THREATINT_KEYWORD_PROCESS_IMPERSONATION_DOWN 4398046511104 1 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_ALLOCVM KERNEL_THREATINT_KEYWORD_ALLOCVM_REMOTE ]]> 2 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_REMOTE ]]> 2 2 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_REMOTE ]]> 2 3 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_REMOTE ]]> 3 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_MAPVIEW KERNEL_THREATINT_KEYWORD_MAPVIEW_REMOTE ]]> 4 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_QUEUEUSERAPC KERNEL_THREATINT_KEYWORD_QUEUEUSERAPC_REMOTE ]]> 5 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_SETTHREADCONTEXT KERNEL_THREATINT_KEYWORD_SETTHREADCONTEXT_REMOTE ]]> 6 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_ALLOCVM KERNEL_THREATINT_KEYWORD_ALLOCVM_LOCAL ]]> 7 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_LOCAL ]]> 7 2 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_LOCAL ]]> 7 3 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_LOCAL ]]> 8 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_MAPVIEW KERNEL_THREATINT_KEYWORD_MAPVIEW_LOCAL ]]> 11 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_READVM KERNEL_THREATINT_KEYWORD_READVM_LOCAL ]]> 11 2 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_READVM KERNEL_THREATINT_KEYWORD_READVM_LOCAL ]]> 12 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_WRITEVM KERNEL_THREATINT_KEYWORD_WRITEVM_LOCAL ]]> 12 2 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_WRITEVM KERNEL_THREATINT_KEYWORD_WRITEVM_LOCAL ]]> 13 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_READVM KERNEL_THREATINT_KEYWORD_READVM_REMOTE ]]> 13 2 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_READVM KERNEL_THREATINT_KEYWORD_READVM_REMOTE ]]> 14 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_WRITEVM KERNEL_THREATINT_KEYWORD_WRITEVM_REMOTE ]]> 14 2 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_WRITEVM KERNEL_THREATINT_KEYWORD_WRITEVM_REMOTE ]]> 15 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_SUSPENDRESUME_THREAD KERNEL_THREATINT_KEYWORD_SUSPEND_THREAD ]]> 16 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_SUSPENDRESUME_THREAD KERNEL_THREATINT_KEYWORD_RESUME_THREAD ]]> 17 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS KERNEL_THREATINT_KEYWORD_SUSPEND_PROCESS ]]> 18 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS KERNEL_THREATINT_KEYWORD_RESUME_PROCESS ]]> 19 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS KERNEL_THREATINT_KEYWORD_FREEZE_PROCESS ]]> 20 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_SUSPENDRESUME_PROCESS KERNEL_THREATINT_KEYWORD_THAW_PROCESS ]]> 21 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_ALLOCVM KERNEL_THREATINT_KEYWORD_ALLOCVM_REMOTE_KERNEL_CALLER ]]> 22 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_REMOTE_KERNEL_CALLER ]]> 22 2 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_REMOTE_KERNEL_CALLER ]]> 22 3 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_REMOTE_KERNEL_CALLER ]]> 23 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_MAPVIEW KERNEL_THREATINT_KEYWORD_MAPVIEW_REMOTE_KERNEL_CALLER ]]> 24 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_QUEUEUSERAPC KERNEL_THREATINT_KEYWORD_QUEUEUSERAPC_REMOTE_KERNEL_CALLER ]]> 25 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_SETTHREADCONTEXT KERNEL_THREATINT_KEYWORD_SETTHREADCONTEXT_REMOTE_KERNEL_CALLER ]]> 26 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_ALLOCVM KERNEL_THREATINT_KEYWORD_ALLOCVM_LOCAL_KERNEL_CALLER ]]> 27 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_LOCAL_KERNEL_CALLER ]]> 27 2 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_LOCAL_KERNEL_CALLER ]]> 27 3 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_PROTECTVM KERNEL_THREATINT_KEYWORD_PROTECTVM_LOCAL_KERNEL_CALLER ]]> 28 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_MAPVIEW KERNEL_THREATINT_KEYWORD_MAPVIEW_LOCAL_KERNEL_CALLER ]]> 29 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_DRIVER_DEVICE KERNEL_THREATINT_KEYWORD_DRIVER_EVENTS ]]> 30 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_DRIVER_DEVICE KERNEL_THREATINT_KEYWORD_DRIVER_EVENTS ]]> 31 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_DRIVER_DEVICE KERNEL_THREATINT_KEYWORD_DEVICE_EVENTS ]]> 32 1 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_TASK_DRIVER_DEVICE KERNEL_THREATINT_KEYWORD_DEVICE_EVENTS ]]> 33 0 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_PROCESS_IMPERSONATION_UP ]]> 34 0 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_PROCESS_IMPERSONATION_REVERT ]]> 35 0 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_PROCESS_SYSCALL_USAGE ]]> 36 0 Microsoft-Windows-Threat-Intelligence/Analytic Information KERNEL_THREATINT_PROCESS_IMPERSONATION_DOWN ]]>