Event ID 13

Identifies Registry value modifications

Source:

Microsoft-Windows-Sysmon

Category:

Registry value set (rule: RegistryEvent)

Registry value set:
    RuleName: %1!s!
    EventType: %2!s!
    UtcTime: %3!s!
    ProcessGuid: %4!s!
    ProcessId: %5!s!
    Image: %6!s!
    TargetObject: %7!s!
    Details: %8!s!
    User: %9!s!

This Registry event type identifies Registry value modifications. The event records the value written for Registry values of type DWORD and QWORD.

LEFT/RIGHT arrow keys for navigation

Back to List