drop System EVTX CSV and registry export · detect Windows Error Reporting disabled or suppressed · identify crash dump suppression hiding evidence of crashing malware · surface WER configuration changes · runs locally
WER Disabled / DumpType=0 registry · Event 1001 gaps · WerSvc 7036 · reg.exe / PowerShell suppression · CrashDumps / Minidump MFT
drop System EVTX CSV, registry export, or MFT CSV