drop wevtutil · registry · system evtx · disabled forensic channels · blind spot analysis · csv export · runs locally
artifacts
drop wevtutil / registry / evtx csv
or click
WINEVT Channels Enabled=0 · wevtutil gl · Event ID 6 provider disabled
drop wevtutil output · registry · system evtx csv