Open manorit2001 opened 3 years ago
If we can extract the registry changes through ETW logs and map them to their respective registry keys, then it'll be good.
We are trying to use ETW to extract all the Windows API functions that got hooked. This can be used to extract the process, registry and file changes.
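The mapping the issue asks for, as an added Python example that is not code from this issue or its project: ETW registry events carry kernel key-object handles rather than names, so the resolver tracks handle-to-path bindings from the create/open events and attaches the full key path to each value change. The event dicts, field names (`BaseObject`, `KeyObject`, `RelativeName`, `ValueName`) and sample trace are a constructed simplification of the kernel registry provider's fields.

```python
# Resolve KeyObject handles in ETW-style registry events to full key paths.
# Constructed event shapes; a real trace also needs the rundown events that
# describe keys already open when tracing started (handled here as unresolved).
from typing import Dict, List, Optional

HIVE_PREFIXES = {"\\REGISTRY\\MACHINE": "HKLM", "\\REGISTRY\\USER": "HKU"}

def friendly(path: str) -> str:
    """Rewrite the kernel object path prefix into the familiar hive name."""
    for prefix, hive in HIVE_PREFIXES.items():
        if path.upper().startswith(prefix):
            return hive + path[len(prefix):]
    return path

def resolve_registry_changes(events: List[dict]) -> List[dict]:
    """Walk events in trace order, keeping KeyObject -> full path, and emit
    one record per key/value change with the resolved path attached."""
    key_paths: Dict[int, Optional[str]] = {}
    changes: List[dict] = []
    for ev in events:
        kind = ev["event"]
        if kind in ("CreateKey", "OpenKey"):
            base_obj = ev.get("BaseObject", 0)
            rel = ev["RelativeName"]
            if base_obj == 0:                      # absolute name, no parent handle
                key_paths[ev["KeyObject"]] = rel
            else:                                  # relative to an earlier-opened key
                base = key_paths.get(base_obj)
                key_paths[ev["KeyObject"]] = None if base is None else base + "\\" + rel
        elif kind == "CloseKey":
            key_paths.pop(ev["KeyObject"], None)   # handle values get reused after close
        elif kind in ("SetValueKey", "DeleteValueKey", "DeleteKey"):
            path = key_paths.get(ev["KeyObject"])
            changes.append({
                "pid": ev["pid"], "op": kind, "value": ev.get("ValueName"),
                "key": friendly(path) if path else f"<unresolved:{ev['KeyObject']:#x}>",
            })
    return changes

# Constructed sample trace: one resolvable write, one write on a handle the
# trace never saw being opened (tracing started too late).
SAMPLE_EVENTS = [
    {"event": "OpenKey", "pid": 4242, "BaseObject": 0, "KeyObject": 0xA1,
     "RelativeName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"},
    {"event": "CreateKey", "pid": 4242, "BaseObject": 0xA1, "KeyObject": 0xB2, "RelativeName": "Run"},
    {"event": "SetValueKey", "pid": 4242, "KeyObject": 0xB2, "ValueName": "Updater"},
    {"event": "CloseKey", "pid": 4242, "KeyObject": 0xB2},
    {"event": "SetValueKey", "pid": 4242, "KeyObject": 0xC3, "ValueName": "Orphan"},
]

if __name__ == "__main__":
    for change in resolve_registry_changes(SAMPLE_EVENTS):
        print(change)
```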