Manual
Search...
Ctrl
K
BluGenie
Artifacts
Tactical Artifacts by Category
Registry Query
Previous
Query for all Processes not running from the Windows and Program Files.* Directories
Next
Query Information from the Registry on Recentdocs, Recentapps
Last updated
3 years ago
Query Information from the Registry on Recentdocs, Recentapps
Query Registry for a list of mounted USB storage devices, including external memory cards
Query the Most Recently Used items from the Registry
Query the Most Recently Open and Saved File information from the Registry
Query all Run, RunOnce, and RunOnceEx Registry Keys
Query Command list from the MRU Registry List
Query Startup Services from the Registry
Query Map Network Drives from the Registry
Query Shell Folders and User Shell Folders from both the HKLM and HKU Registry Information
Query Typed Urls from the Registry
Query Current Control Set Services information from the Registry
Query Accessibility Features from Image File Execution Options from the Registry
Query the Registry for Commands that are automatically executed each time cmd.exe is run
Query the Registry for Mounted Device information
Query the Registry for Browser Helper Objects (BHO)
Query the Registry for Explore Run commands
Query the Registry for Winlogon Helper Dll's
Query the Registry for Active Setup information
Query the Registry for Bypassing UAC Mechanisms from the User-Accessible information
Query the Registry for User-Logon, and Startup Scripts
Query the Registry for the most common MRU information for All User Hives, including offline users
Query the Registry for any user, using the SysInternals Tools
