Server : Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
System : Windows NT SERVER-PC 10.0 build 26200 (Windows 11) AMD64
User : ServerPC ( 0)
PHP Version : 8.2.12
Disable Function : NONE
Directory :  C:/Windows/System32/Tasks_Migrated/Microsoft/Windows/MemoryDiagnostic/


 

Current File : C:/Windows/System32/Tasks_Migrated/Microsoft/Windows/MemoryDiagnostic/ProcessMemoryDiagnosticEvents
��<?xml version="1.0" encoding="UTF-16"?>

<!-- Task Scheduler definition registered at the URI given in RegistrationInfo.
     It is event-triggered, hidden, runs as the local Administrators group at the
     highest available run level, and dispatches to a COM handler rather than an
     executable path. Because the action is a CLSID, what actually runs depends on
     that class's registration on the host, not on anything in this file. -->
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">

  <RegistrationInfo>

    <Version>1.0</Version>

    <!-- SDDL for the task object: protected DACL (D:P), full access for Built-in
         Administrators (BA) and Local System (SY), read-only for Authenticated
         Users (AU). Non-administrators can read this definition but not modify it. -->
    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)</SecurityDescriptor>

    <!-- Source, Author and Description are indirect string references: each names
         a string resource ID inside MemoryDiagnostic.dll under %SystemRoot%\system32
         instead of carrying literal text. -->
    <Source>$(@%SystemRoot%\system32\MemoryDiagnostic.dll,-601)</Source>

    <Author>$(@%SystemRoot%\system32\MemoryDiagnostic.dll,-600)</Author>

    <Description>$(@%SystemRoot%\system32\MemoryDiagnostic.dll,-603)</Description>

    <URI>\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents</URI>

  </RegistrationInfo>

  <Principals>

    <!-- The id "LocalAdmin" is the name the Actions element refers to through its
         Context attribute. -->
    <Principal id="LocalAdmin">

      <!-- S-1-5-32-544 is the well-known SID of BUILTIN\Administrators. -->
      <GroupId>S-1-5-32-544</GroupId>

      <!-- Run with the highest privileges available to the principal. -->
      <RunLevel>HighestAvailable</RunLevel>

    </Principal>

  </Principals>

  <Settings>

    <AllowHardTerminate>false</AllowHardTerminate>

    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>

    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>

    <!-- ISO 8601 duration: two hours. -->
    <ExecutionTimeLimit>PT2H</ExecutionTimeLimit>

    <!-- Hidden tasks are not listed in the Task Scheduler UI unless hidden tasks
         are shown, so an inventory of scheduled tasks should enumerate them
         explicitly. -->
    <Hidden>true</Hidden>

    <!-- A second trigger firing while an instance is running is ignored. -->
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>

    <StartWhenAvailable>true</StartWhenAvailable>

    <!-- The task runs only while the machine is idle; IdleSettings below stops it
         when idle ends and restarts it when idle resumes. -->
    <RunOnlyIfIdle>true</RunOnlyIfIdle>

    <IdleSettings>

      <StopOnIdleEnd>true</StopOnIdleEnd>

      <RestartOnIdle>true</RestartOnIdle>

    </IdleSettings>

    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>

  </Settings>

  <!-- Each Subscription holds an event-log query as escaped XML text. Any one
       matching event starts the task. -->
  <Triggers>

    <!-- System log: provider Microsoft-Windows-WER-SystemErrorReporting,
         event IDs 1000, 1001 or 1006. -->
    <EventTrigger>

      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="System"&gt;&lt;Select Path="System"&gt;*[System[Provider[@Name='Microsoft-Windows-WER-SystemErrorReporting'] and (EventID=1000 or EventID=1001 or EventID=1006)]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>

    </EventTrigger>

    <!-- Application log: provider Application Error, event ID 1000, restricted to
         records whose first data field is svchost.exe_SysMain and whose seventh
         is c000003f (presumably the faulting status code; confirm against a
         sample event). -->
    <EventTrigger>

      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Application"&gt;&lt;Select Path="Application"&gt;*[System[Provider[@Name='Application Error'] and EventID=1000]] and *[EventData[Data[1]='svchost.exe_SysMain' and Data[7]='c000003f']]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>

    </EventTrigger>

    <!-- System log: provider Application Popup, event ID 1801. -->
    <EventTrigger>

      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="System"&gt;&lt;Select Path="System"&gt;*[System[Provider[@Name='Application Popup'] and EventID=1801]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>

    </EventTrigger>

    <!-- Microsoft-Windows-Kernel-StoreMgr/Operational log: provider
         Microsoft-Windows-Kernel-StoreMgr, event ID 6. -->
    <EventTrigger>

      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Microsoft-Windows-Kernel-StoreMgr/Operational"&gt;&lt;Select Path="Microsoft-Windows-Kernel-StoreMgr/Operational"&gt;*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>

    </EventTrigger>

  </Triggers>

  <!-- Context binds the action to the LocalAdmin principal declared above. -->
  <Actions Context="LocalAdmin">

    <!-- The action instantiates the COM class with this CLSID and passes it the
         Data string. NOTE(review): the file does not say which binary implements
         the class; when baselining this task, check that the CLSID's registered
         in-process server is the expected system DLL (presumably
         MemoryDiagnostic.dll, unconfirmed here) and that its registration has not
         been redirected. -->
    <ComHandler>

      <ClassId>{8168E74A-B39F-46D8-ADCD-7BED477B80A3}</ClassId>

      <Data><![CDATA[Event]]></Data>

    </ComHandler>

  </Actions>

</Task>
