Microsoft-Windows-Kernel-Audit-API-Calls

Seen on:

  • Windows 2012

  • Windows 10 (1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2)

  • Windows 2016

  • Windows 2019

  • Windows 11 (21H2)

Name: Microsoft-Windows-Kernel-Audit-API-Calls
Identifier: {e02a841c-75a3-4fa7-afc8-ae09cf9b7f23}
Event message file(s): %SystemRoot%\system32\Microsoft-Windows-System-Events.dll