├── .github └── workflows │ ├── gh-pages.yml │ ├── spellchecker.yml │ └── test.yml ├── .gitignore ├── .pyspelling.yml ├── .wordlist.dict ├── .wordlist.txt ├── CNAME ├── LICENSE.md ├── Makefile ├── README.md ├── RECmd_Batch ├── !RECmdBatch.guide ├── !RECmdBatch.template ├── AllRegExecutablesFoundOrRun.reb ├── BCDBootVolume.reb ├── BasicSystemInfo.reb ├── BatchExample.reb ├── BatchExampleServices.reb ├── BatchExampleSysCache.reb ├── BatchExampleUserAssist.reb ├── BatchExampleWildCard.reb ├── BinaryIncludeDemo.reb ├── InstalledSoftware.reb ├── Kroll_Batch.md ├── Kroll_Batch.reb ├── LICENSE.md ├── README.md ├── RECmd_Batch_MC.reb ├── RegistryASEPs.reb ├── SoftwareASEPs.reb ├── SoftwareClassesASEPs.reb ├── SoftwareWoW6432ASEPs.reb ├── SystemASEPs.reb ├── UserActivity.reb └── UserClassesASEPs.reb ├── Rules ├── AppCompatCache.yaml ├── Detections.yaml ├── RECmdBatch.yaml ├── RegRipper.yaml └── Velociraptor-Rules.yaml ├── bin ├── compile.go ├── main.go └── recmd.go ├── compiler ├── compiler.go ├── glob.go ├── index.go ├── meta_template.yaml ├── template.go └── template.yaml ├── config └── api.go ├── converters └── recmd.go ├── debug.go ├── docs ├── .gitignore ├── .hugo_build.lock ├── Makefile ├── config.toml ├── content │ ├── _index.md │ └── docs │ │ ├── GitHub │ │ └── _index.md │ │ ├── _index.md │ │ ├── registry_hunter │ │ ├── _index.md │ │ ├── hunting_for_psexec.png │ │ ├── hunting_the_registry.png │ │ ├── initial_notebook.png │ │ ├── mru.png │ │ ├── registry_hunter_remapping.png │ │ └── sysinternals_reg.png │ │ └── rules │ │ ├── *Minibuf-1* │ │ ├── # *Minibuf-1*# │ │ ├── _index.md │ │ └── index.json ├── go.mod ├── go.sum ├── layouts │ ├── _default │ │ └── _markup │ │ │ └── render-image.html │ ├── partials │ │ └── docs │ │ │ ├── inject │ │ │ └── head.html │ │ │ └── title.html │ ├── redirect │ │ └── single.html │ └── shortcodes │ │ ├── expand.html │ │ ├── link-heading.html │ │ ├── notice.html │ │ └── ruleset.html ├── resources │ └── _gen │ │ └── assets │ │ ├── book.scss_b807c86e8030af4cdc30edccea379f5f.content │ │ ├── book.scss_b807c86e8030af4cdc30edccea379f5f.json │ │ └── scss │ │ ├── book.scss_e129fe35b8d0a70789c8a08429469073.content │ │ └── book.scss_e129fe35b8d0a70789c8a08429469073.json └── static │ ├── CNAME │ ├── css │ └── theme.css │ └── js │ └── jquery-3.3.1.min.js ├── go.mod ├── go.sum ├── output └── .keep └── tests ├── .gitignore ├── Makefile ├── archives └── .keep ├── artifact_test.go ├── fixtures ├── Background Activity Moderator.golden ├── Environment.golden ├── Firewall Rules.golden ├── Interface Properties.golden ├── MRU.golden ├── RDP.golden ├── Recent File List.golden ├── Regedit.exe.golden ├── Scheduled Tasks.golden ├── Services.golden ├── System Info.golden ├── User Shell Folders.golden ├── UserAssist.golden ├── WinLogon.golden └── WordWheelQuery.golden └── test_files └── .keep /.github/workflows/gh-pages.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/.github/workflows/gh-pages.yml -------------------------------------------------------------------------------- /.github/workflows/spellchecker.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/.github/workflows/spellchecker.yml -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/.github/workflows/test.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | reghunter 2 | output/ -------------------------------------------------------------------------------- /.pyspelling.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/.pyspelling.yml -------------------------------------------------------------------------------- /.wordlist.dict: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/.wordlist.dict -------------------------------------------------------------------------------- /.wordlist.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/.wordlist.txt -------------------------------------------------------------------------------- /CNAME: -------------------------------------------------------------------------------- 1 | registry-hunter.velocidex.com -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/LICENSE.md -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/README.md -------------------------------------------------------------------------------- /RECmd_Batch/!RECmdBatch.guide: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/!RECmdBatch.guide -------------------------------------------------------------------------------- /RECmd_Batch/!RECmdBatch.template: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/!RECmdBatch.template -------------------------------------------------------------------------------- /RECmd_Batch/AllRegExecutablesFoundOrRun.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/AllRegExecutablesFoundOrRun.reb -------------------------------------------------------------------------------- /RECmd_Batch/BCDBootVolume.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/BCDBootVolume.reb -------------------------------------------------------------------------------- /RECmd_Batch/BasicSystemInfo.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/BasicSystemInfo.reb -------------------------------------------------------------------------------- /RECmd_Batch/BatchExample.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/BatchExample.reb -------------------------------------------------------------------------------- /RECmd_Batch/BatchExampleServices.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/BatchExampleServices.reb -------------------------------------------------------------------------------- /RECmd_Batch/BatchExampleSysCache.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/BatchExampleSysCache.reb -------------------------------------------------------------------------------- /RECmd_Batch/BatchExampleUserAssist.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/BatchExampleUserAssist.reb -------------------------------------------------------------------------------- /RECmd_Batch/BatchExampleWildCard.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/BatchExampleWildCard.reb -------------------------------------------------------------------------------- /RECmd_Batch/BinaryIncludeDemo.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/BinaryIncludeDemo.reb -------------------------------------------------------------------------------- /RECmd_Batch/InstalledSoftware.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/InstalledSoftware.reb -------------------------------------------------------------------------------- /RECmd_Batch/Kroll_Batch.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/Kroll_Batch.md -------------------------------------------------------------------------------- /RECmd_Batch/Kroll_Batch.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/Kroll_Batch.reb -------------------------------------------------------------------------------- /RECmd_Batch/LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/LICENSE.md -------------------------------------------------------------------------------- /RECmd_Batch/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/README.md -------------------------------------------------------------------------------- /RECmd_Batch/RECmd_Batch_MC.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/RECmd_Batch_MC.reb -------------------------------------------------------------------------------- /RECmd_Batch/RegistryASEPs.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/RegistryASEPs.reb -------------------------------------------------------------------------------- /RECmd_Batch/SoftwareASEPs.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/SoftwareASEPs.reb -------------------------------------------------------------------------------- /RECmd_Batch/SoftwareClassesASEPs.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/SoftwareClassesASEPs.reb -------------------------------------------------------------------------------- /RECmd_Batch/SoftwareWoW6432ASEPs.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/SoftwareWoW6432ASEPs.reb -------------------------------------------------------------------------------- /RECmd_Batch/SystemASEPs.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/SystemASEPs.reb -------------------------------------------------------------------------------- /RECmd_Batch/UserActivity.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/UserActivity.reb -------------------------------------------------------------------------------- /RECmd_Batch/UserClassesASEPs.reb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/RECmd_Batch/UserClassesASEPs.reb -------------------------------------------------------------------------------- /Rules/AppCompatCache.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/Rules/AppCompatCache.yaml -------------------------------------------------------------------------------- /Rules/Detections.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/Rules/Detections.yaml -------------------------------------------------------------------------------- /Rules/RECmdBatch.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/Rules/RECmdBatch.yaml -------------------------------------------------------------------------------- /Rules/RegRipper.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/Rules/RegRipper.yaml -------------------------------------------------------------------------------- /Rules/Velociraptor-Rules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/Rules/Velociraptor-Rules.yaml -------------------------------------------------------------------------------- /bin/compile.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/bin/compile.go -------------------------------------------------------------------------------- /bin/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/bin/main.go -------------------------------------------------------------------------------- /bin/recmd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/bin/recmd.go -------------------------------------------------------------------------------- /compiler/compiler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/compiler/compiler.go -------------------------------------------------------------------------------- /compiler/glob.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/compiler/glob.go -------------------------------------------------------------------------------- /compiler/index.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/compiler/index.go -------------------------------------------------------------------------------- /compiler/meta_template.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/compiler/meta_template.yaml -------------------------------------------------------------------------------- /compiler/template.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/compiler/template.go -------------------------------------------------------------------------------- /compiler/template.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/compiler/template.yaml -------------------------------------------------------------------------------- /config/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/config/api.go -------------------------------------------------------------------------------- /converters/recmd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/converters/recmd.go -------------------------------------------------------------------------------- /debug.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/debug.go -------------------------------------------------------------------------------- /docs/.gitignore: -------------------------------------------------------------------------------- 1 | public -------------------------------------------------------------------------------- /docs/.hugo_build.lock: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/Makefile -------------------------------------------------------------------------------- /docs/config.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/config.toml -------------------------------------------------------------------------------- /docs/content/_index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/_index.md -------------------------------------------------------------------------------- /docs/content/docs/GitHub/_index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/GitHub/_index.md -------------------------------------------------------------------------------- /docs/content/docs/_index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/_index.md -------------------------------------------------------------------------------- /docs/content/docs/registry_hunter/_index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/registry_hunter/_index.md -------------------------------------------------------------------------------- /docs/content/docs/registry_hunter/hunting_for_psexec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/registry_hunter/hunting_for_psexec.png -------------------------------------------------------------------------------- /docs/content/docs/registry_hunter/hunting_the_registry.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/registry_hunter/hunting_the_registry.png -------------------------------------------------------------------------------- /docs/content/docs/registry_hunter/initial_notebook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/registry_hunter/initial_notebook.png -------------------------------------------------------------------------------- /docs/content/docs/registry_hunter/mru.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/registry_hunter/mru.png -------------------------------------------------------------------------------- /docs/content/docs/registry_hunter/registry_hunter_remapping.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/registry_hunter/registry_hunter_remapping.png -------------------------------------------------------------------------------- /docs/content/docs/registry_hunter/sysinternals_reg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/registry_hunter/sysinternals_reg.png -------------------------------------------------------------------------------- /docs/content/docs/rules/ *Minibuf-1*: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/rules/ *Minibuf-1* -------------------------------------------------------------------------------- /docs/content/docs/rules/# *Minibuf-1*#: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/rules/# *Minibuf-1*# -------------------------------------------------------------------------------- /docs/content/docs/rules/_index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/rules/_index.md -------------------------------------------------------------------------------- /docs/content/docs/rules/index.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/content/docs/rules/index.json -------------------------------------------------------------------------------- /docs/go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/go.mod -------------------------------------------------------------------------------- /docs/go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/go.sum -------------------------------------------------------------------------------- /docs/layouts/_default/_markup/render-image.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/layouts/_default/_markup/render-image.html -------------------------------------------------------------------------------- /docs/layouts/partials/docs/inject/head.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/layouts/partials/docs/inject/head.html -------------------------------------------------------------------------------- /docs/layouts/partials/docs/title.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/layouts/partials/docs/title.html -------------------------------------------------------------------------------- /docs/layouts/redirect/single.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/layouts/redirect/single.html -------------------------------------------------------------------------------- /docs/layouts/shortcodes/expand.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/layouts/shortcodes/expand.html -------------------------------------------------------------------------------- /docs/layouts/shortcodes/link-heading.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/layouts/shortcodes/link-heading.html -------------------------------------------------------------------------------- /docs/layouts/shortcodes/notice.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/layouts/shortcodes/notice.html -------------------------------------------------------------------------------- /docs/layouts/shortcodes/ruleset.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/layouts/shortcodes/ruleset.html -------------------------------------------------------------------------------- /docs/resources/_gen/assets/book.scss_b807c86e8030af4cdc30edccea379f5f.content: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/resources/_gen/assets/book.scss_b807c86e8030af4cdc30edccea379f5f.content -------------------------------------------------------------------------------- /docs/resources/_gen/assets/book.scss_b807c86e8030af4cdc30edccea379f5f.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/resources/_gen/assets/book.scss_b807c86e8030af4cdc30edccea379f5f.json -------------------------------------------------------------------------------- /docs/resources/_gen/assets/scss/book.scss_e129fe35b8d0a70789c8a08429469073.content: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/resources/_gen/assets/scss/book.scss_e129fe35b8d0a70789c8a08429469073.content -------------------------------------------------------------------------------- /docs/resources/_gen/assets/scss/book.scss_e129fe35b8d0a70789c8a08429469073.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/resources/_gen/assets/scss/book.scss_e129fe35b8d0a70789c8a08429469073.json -------------------------------------------------------------------------------- /docs/static/CNAME: -------------------------------------------------------------------------------- 1 | registry-hunter.velocidex.com -------------------------------------------------------------------------------- /docs/static/css/theme.css: -------------------------------------------------------------------------------- 1 | html { 2 | font-size: 16px; 3 | } 4 | -------------------------------------------------------------------------------- /docs/static/js/jquery-3.3.1.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/docs/static/js/jquery-3.3.1.min.js -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/go.sum -------------------------------------------------------------------------------- /output/.keep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /tests/.gitignore: -------------------------------------------------------------------------------- 1 | archives 2 | test_files 3 | velociraptor -------------------------------------------------------------------------------- /tests/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/Makefile -------------------------------------------------------------------------------- /tests/archives/.keep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /tests/artifact_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/artifact_test.go -------------------------------------------------------------------------------- /tests/fixtures/Background Activity Moderator.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/Background Activity Moderator.golden -------------------------------------------------------------------------------- /tests/fixtures/Environment.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/Environment.golden -------------------------------------------------------------------------------- /tests/fixtures/Firewall Rules.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/Firewall Rules.golden -------------------------------------------------------------------------------- /tests/fixtures/Interface Properties.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/Interface Properties.golden -------------------------------------------------------------------------------- /tests/fixtures/MRU.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/MRU.golden -------------------------------------------------------------------------------- /tests/fixtures/RDP.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/RDP.golden -------------------------------------------------------------------------------- /tests/fixtures/Recent File List.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/Recent File List.golden -------------------------------------------------------------------------------- /tests/fixtures/Regedit.exe.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/Regedit.exe.golden -------------------------------------------------------------------------------- /tests/fixtures/Scheduled Tasks.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/Scheduled Tasks.golden -------------------------------------------------------------------------------- /tests/fixtures/Services.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/Services.golden -------------------------------------------------------------------------------- /tests/fixtures/System Info.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/System Info.golden -------------------------------------------------------------------------------- /tests/fixtures/User Shell Folders.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/User Shell Folders.golden -------------------------------------------------------------------------------- /tests/fixtures/UserAssist.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/UserAssist.golden -------------------------------------------------------------------------------- /tests/fixtures/WinLogon.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/WinLogon.golden -------------------------------------------------------------------------------- /tests/fixtures/WordWheelQuery.golden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Velocidex/registry_hunter/HEAD/tests/fixtures/WordWheelQuery.golden -------------------------------------------------------------------------------- /tests/test_files/.keep: -------------------------------------------------------------------------------- 1 | 2 | --------------------------------------------------------------------------------