Solved: Operation type for event 5058 {Solution}

Hons · ‎10-14-2022

Hello everyone,

Have you ever wondered why microsoft does not documented Operation types with Unicode + meaning?

You don´t need to anymore.

I have made the needed research (anyone can do) and here are the results:

%%2458 = Read

%%2459 = Write

%%2457 = Delete

mrthom · ‎10-14-2022

have found it 😄 it is non-sense string stored in system32/msobjs.dll and some snapshot can be seen there

%%2456 : Open key file.
%%2457 : Delete key file.
%%2458 : Read persisted key from file.
%%2459 : Write persisted key to file.

mrthom · ‎10-14-2022

have found it 😄 it is non-sense string stored in system32/msobjs.dll and some snapshot can be seen there

%%2456 : Open key file.
%%2457 : Delete key file.
%%2458 : Read persisted key from file.
%%2459 : Write persisted key to file.

Hons · ‎10-14-2022

Thanks @mrthom.

Your version is absolutely precise 😉

Operation type for event 5058 {Solution}