Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WINEVT
TODO
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WINEVT seems somehow related to Event Tracing for Windows.