Event ID:
4657
Category:
Object Access
Subcategory:
Registry
Supported on:
Windows Vista, Windows Server 2008
A registry value was modified.
Subject:
Security ID: %1
Account Name: %2
Account Domain: %3
Logon ID: %4
Object:
Object Name: %5
Object Value Name: %6
Handle ID: %7
Operation Type: %8
Process Information:
Process ID: %13
Process Name: %14
Change Information:
Old Value Type: %9
Old Value: %10
New Value Type: %11
New Value: %12