Event ID 12

Registry key and value create and delete operations
Source: Microsoft-Windows-Sysmon
Category: Registry object added or deleted (rule: RegistryEvent)
Registry object added or deleted:
    RuleName: %1!s!
    EventType: %2!s!
    UtcTime: %3!s!
    ProcessGuid: %4!s!
    ProcessId: %5!s!
    Image: %6!s!
    TargetObject: %7!s!
    User: %8!s!


Registry key and value create and delete operations map to this event type. It is useful for monitoring changes to Registry autostart locations or registry modifications made by specific malware.
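The autostart monitoring described above, as an added example that is not part of the original page: it parses rendered Event ID 12 messages using the field names from the template and reports the events whose TargetObject falls under a watched key. The watch list, the function names and the sample events are assumptions constructed for illustration.

```python
# Field names, in the order of the Event ID 12 message template.
FIELDS = ("RuleName", "EventType", "UtcTime", "ProcessGuid",
          "ProcessId", "Image", "TargetObject", "User")

# Assumption: a short, non-exhaustive watch list of autostart key paths (lowercase).
AUTOSTART_KEYS = (
    "\\microsoft\\windows\\currentversion\\run",
    "\\microsoft\\windows\\currentversion\\runonce",
    "\\microsoft\\windows nt\\currentversion\\winlogon",
    "\\system\\currentcontrolset\\services",
)

def parse_event12(message):
    """Parse one rendered Event ID 12 message into a dict of its fields."""
    event = {}
    for line in message.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key in FIELDS:
            event[key] = value.strip()
    if len(event) != len(FIELDS):
        raise ValueError("not a complete Event ID 12 message")
    return event

def autostart_key(target_object):
    """Return the watched key that TargetObject is or sits under, else None."""
    path = target_object.lower()
    for key in AUTOSTART_KEYS:
        idx = path.find(key)
        # Require a path boundary so "...\Run" does not match "...\RunExample".
        if idx != -1 and path[idx + len(key):][:1] in ("", "\\"):
            return key
    return None

def triage(messages):
    """Return (EventType, Image, TargetObject) for events touching a watched key."""
    events = map(parse_event12, messages)
    return [(e["EventType"], e["Image"], e["TargetObject"])
            for e in events if autostart_key(e["TargetObject"])]

# Constructed sample events (not real telemetry); all values are placeholders.
TEMPLATE = ("Registry object added or deleted:\n    RuleName: -\n    EventType: %s\n"
            "    UtcTime: 2024-01-01 12:00:00.000\n"
            "    ProcessGuid: {00000000-0000-0000-0000-000000000001}\n    ProcessId: 4242\n"
            "    Image: %s\n    TargetObject: %s\n    User: EXAMPLE\\alice\n")
SAMPLES = [
    TEMPLATE % ("CreateKey", r"C:\Users\Public\example.exe", r"HKLM\System\CurrentControlSet\Services\ExampleSvc"),
    TEMPLATE % ("DeleteValue", r"C:\Windows\regedit.exe", r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    TEMPLATE % ("CreateKey", r"C:\Program Files\Example\app.exe", r"HKLM\SOFTWARE\ExampleVendor\Settings"),
]
```

`triage(SAMPLES)` returns the first two events and skips the third, whose key is outside the watch list.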


