Windows Host Artifacts Registry

Operational Overview

Welcome, Analyst. Threat actors regularly interact with sub-systems inside Windows structures, leaving operational marks inside Event Logs (.evtx) and Sysmon telemetry.

Your objective is to traverse the four distinct analytical profiles within the matrix, dissect host evidence files, parse account modifications, trace process spawns, and verify your indicators to construct an attack map.