
Mimikatz

⚙️ Windows Registry

Hives:

C:\Documents and Settings\*\ntuser.dat
C:\Users\*\ntuser.dat
C:\Users\*\ntuser.dat.LOG*
C:\Users\*\AppData\Local\Microsoft\Windows\UsrClass.dat
C:\Users\*\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG*
C:\Windows\System32\config\SAM.LOG*
C:\Windows\System32\config\SECURITY.LOG*
C:\Windows\System32\config\SOFTWARE.LOG*
C:\Windows\System32\config\SYSTEM.LOG*
C:\Windows\System32\config\SAM
C:\Windows\System32\config\SECURITY
C:\Windows\System32\config\SOFTWARE
C:\Windows\System32\config\SYSTEM
C:\Windows\System32\config\RegBack\*.LOG*
C:\Windows\System32\config\RegBack\SAM
C:\Windows\System32\config\RegBack\SECURITY
C:\Windows\System32\config\RegBack\SOFTWARE
C:\Windows\System32\config\RegBack\SYSTEM

The registry is a repository for settings on a Windows machine. Prior to Windows NT, .ini files were used. These were replaced by the Windows registry, which holds initialization and configuration data. Some changes are also logged by the registry.
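The following Python is an added example, not code from the original page: it matches files under a mounted image root against the hive paths listed above and reads each hive's 512-byte `regf` base block to report whether the accompanying .LOG* files are needed for replay. The function names, the state labels and `make_base_block` (constructed sample input) are assumptions of this example.

```python
import fnmatch
import struct
from pathlib import Path, PureWindowsPath

# Hive patterns from the list above, relative to the mounted volume root.
CONFIG = "Windows\\System32\\config\\"
HIVE_PATTERNS = [
    r"Documents and Settings\*\ntuser.dat",
    r"Users\*\ntuser.dat",
    r"Users\*\AppData\Local\Microsoft\Windows\UsrClass.dat",
] + [CONFIG + sub + name for sub in ("", "RegBack\\")
     for name in ("SAM", "SECURITY", "SOFTWARE", "SYSTEM")]

def header_checksum(base: bytes) -> int:
    # XOR of the first 127 little-endian dwords; results 0 and 0xFFFFFFFF are remapped.
    x = 0
    for (dword,) in struct.iter_unpack("<I", base[:508]):
        x ^= dword
    return {0xFFFFFFFF: 0xFFFFFFFE, 0: 1}.get(x, x)

def hive_state(path: Path) -> str:
    # Classify a file by its 512-byte "regf" base block.
    with path.open("rb") as fh:
        base = fh.read(512)
    if len(base) < 512 or base[:4] != b"regf":
        return "not-a-hive"
    primary, secondary = struct.unpack_from("<II", base, 4)
    if struct.unpack_from("<I", base, 508)[0] != header_checksum(base):
        return "bad-checksum"
    # Unequal sequence numbers: a write was not completed, so the .LOG* files are needed.
    return "clean" if primary == secondary else "dirty"

def find_hives(root: Path) -> dict:
    # Map each matching hive (case-insensitive) to (state, sibling .LOG* file names).
    pats = [tuple(p.lower() for p in PureWindowsPath(s).parts) for s in HIVE_PATTERNS]
    found = {}
    for f in (p for p in root.rglob("*") if p.is_file()):
        parts = tuple(s.lower() for s in f.relative_to(root).parts)
        if any(len(parts) == len(pat) and all(map(fnmatch.fnmatchcase, parts, pat)) for pat in pats):
            logs = sorted(n.name for n in f.parent.iterdir()
                          if n.name.lower().startswith(f.name.lower() + ".log"))
            found[f.relative_to(root).as_posix()] = (hive_state(f), logs)
    return found

def make_base_block(primary: int, secondary: int) -> bytes:
    # Constructed sample input: a bare base block with a valid checksum, not a full hive.
    base = b"regf" + struct.pack("<II", primary, secondary) + bytes(496)
    return base + struct.pack("<I", header_checksum(base))
```

Run `find_hives(Path(...))` against a read-only mount of the image; a hive reported as `dirty` or `bad-checksum` should be collected together with its .LOG* files.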