detection.wiki

Microsoft-Windows-User Profiles Service › Event 5

Event ID 5 — Registry file File is loaded at HKU\Key.

Provider
Microsoft-Windows-User Profiles Service
Channel
Operational
Level
Informational

Description

Registry file File is loaded at HKU\Key.

Message #

Registry file %1 is loaded at HKU\%2.

Fields #

NameDescription
File UnicodeString
Key UnicodeString

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-User Profiles Service",
    "guid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845",
    "event_source_name": "",
    "event_id": 5,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-05T22:32:20.716085+00:00",
    "event_record_id": 66,
    "correlation": {},
    "execution": {
      "process_id": 1428,
      "thread_id": 1540
    },
    "channel": "Microsoft-Windows-User Profile Service/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "File": "C:\\Users\\User\\AppData\\Local\\Microsoft\\Windows\\\\UsrClass.dat",
    "Key": "S-1-5-21-1992711665-1655669231-58201500-1000_Classes"
  },
  "message": ""
}

References #