Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Kernel-Registry

Event ID 5

Message:



Event Data:

# Name In Type Out Type
1 KeyObject win:Pointer win:HexInt64
2 Status win:UInt32 win:HexInt32
3 Type win:UInt32 xs:unsignedInt
4 DataSize win:UInt32 xs:unsignedInt
5 KeyName win:UnicodeString xs:string
6 ValueName win:UnicodeString xs:string
7 CapturedDataSize win:UInt16 xs:unsignedShort
8 CapturedData win:Binary xs:hexBinary
9 PreviousDataType win:UInt32 xs:unsignedInt
10 PreviousDataSize win:UInt32 xs:unsignedInt
11 PreviousDataCapturedSize win:UInt16 xs:unsignedShort
12 PreviousData win:Binary xs:hexBinary

Observed Windows Versions:

Version: 0

Fingerprint: D7S6ZHOLMOUII