Microsoft-Windows-Kernel-Registry

45 events across 2 channels

Event ID	Title	Channel
1		Analytic
2		Analytic
3		Analytic
4		Analytic
5		Analytic
6		Analytic
7		Analytic
8		Analytic
9		Analytic
10		Analytic
11		Analytic
12		Analytic
13		Analytic
14		Analytic
15		Analytic
16		Performance
17		Performance
18		Performance
19		Performance
20		Performance
21		Performance
22		Performance
23		Performance
24		Performance
25		Performance
26		Performance
27		Performance
28		Performance
29		Performance
30		Performance
31		Performance
32		Performance
33		Performance
34		Performance
35		Performance
36		Performance
37		Performance
38		Performance
39		Performance
40		Performance
41		Performance
42		Performance
43		Performance
44		Performance
45		Performance

Event ID 1 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`BaseObject`	—
`KeyObject`	—
`Status`	—
`Disposition`	—
`BaseName`	—
`RelativeName`	—

Event ID 2 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`BaseObject`	—
`KeyObject`	—
`Status`	—
`Disposition`	—
`BaseName`	—
`RelativeName`	—

Event ID 3 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`KeyName`	—

Event ID 4 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`InfoClass`	—
`DataSize`	—
`KeyName`	—
`CapturedDataSize`	—
`CapturedData`	—

Event ID 5 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`Type`	—
`DataSize`	—
`KeyName`	—
`ValueName`	—
`CapturedDataSize`	—
`CapturedData`	—
`PreviousDataType`	—
`PreviousDataSize`	—
`PreviousDataCapturedSize`	—
`PreviousData`	—

Event ID 6 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`KeyName`	—
`ValueName`	—

Event ID 7 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`InfoClass`	—
`DataSize`	—
`KeyName`	—
`ValueName`	—
`CapturedDataSize`	—
`CapturedData`	—

Event ID 8 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`Index`	—
`InfoClass`	—
`DataSize`	—
`KeyName`	—
`CapturedDataSize`	—
`CapturedData`	—

Event ID 9 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`Index`	—
`InfoClass`	—
`DataSize`	—
`KeyName`	—
`CapturedDataSize`	—
`CapturedData`	—

Event ID 10 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`EntryCount`	—
`DataSize`	—
`KeyName`	—

Event ID 11 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`InfoClass`	—
`DataSize`	—
`KeyName`	—
`CapturedDataSize`	—
`CapturedData`	—

Event ID 12 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`KeyName`	—

Event ID 13 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`KeyName`	—

Event ID 14 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`KeyName`	—

Event ID 15 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Analytic

Fields

Name	Description
`KeyObject`	—
`Status`	—
`KeyName`	—

Event ID 16 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 17 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`HiveFilePath`	—
`FileSize`	—

Event ID 18 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`TotalEntrySize`	—
`BytesRecovered`	—

Event ID 19 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`StatusCode`	—

Event ID 20 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`HiveFilePath`	—
`HiveMountPoint`	—

Event ID 21 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`StatusCode`	—

Event ID 22 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`HiveFilePath`	—
`HiveMountPoint`	—
`FlushFlags`	—

Event ID 23 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 24 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`BytesGathered`	—

Event ID 25 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`BytesGathered`	—

Event ID 26 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`WritesIssued`	—
`BytesWritten`	—

Event ID 27 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`WritesIssued`	—
`BytesWritten`	—

Event ID 28 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 29 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 30 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 31 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`StatusCode`	—

Event ID 32 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 33 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 34 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 35 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 36 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 37 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`SourceFile`	—
`Flags`	—

Event ID 38 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`StatusCode`	—

Event ID 39 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`SourceFile`	—
`Flags`	—

Event ID 40 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`StatusCode`	—

Event ID 41 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`SourceKeyPath`	—

Event ID 42 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 43 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 44 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Event ID 45 —

Provider: Microsoft-Windows-Kernel-Registry
Channel: Performance

Fields

Name	Description
`StatusCode`	—