- List of Event Providers and associated GUID:
| Provider Name | Provider GUID | Module Name |
|---|---|---|
| MicrosoftWindowsFileExplorer | {8E12DCD2-FE15-5AF4-2A6A-E707D9DC7DE5} | Explorer.exe |
| Microsoft.Notepad (old) | {30D0A2A5-808D-567B-18FE-2AE44C127BDC} | Notepad.exe |
| Microsoft.Notepad (new) | {E29EB67A-714D-4D58-A598-46DEE87E620B} | Notepad.exe |
| MICROSOFT_TWINAPI_PUBLISHER | {5F0E257F-C224-43E5-9555-2ADCB8540A58} | Explorer.exe |
| Microsoft.Web.Platform | {FF32ADA1-5A4B-583C-889E-A3C027B201F5} | UrlMon.dll |
| Microsoft.Windows.AppLifeCycle.UI | {EE97CDC4-B095-5C70-6E37-A541EB74C2B5} | Explorer.exe |
| Microsoft-Windows-AppModel-Runtime | {F1EF270A-0D32-4352-BA52-DBAB41E1D859} | KernelBase.dll |
| Microsoft-Windows-AppModel-State | {BFF15E13-81BF-45EE-8B16-7CFEAD00DA86} | KernelBase.dll |
| Microsoft.Windows.AppModel.StateManagerTelemetry | {41B5F6E6-F53C-4645-A991-135C2011C074} | KernelBase.dll |
| Microsoft.Windows.Base.Win32.Job | {58E1853A-3C4E-4BBA-9FF8-E1CD088D25A5} | Kernel32.dll |
| Microsoft.Windows.CleanupMgr | {CE790967-FF23-464C-A976-1389674E3972} | CleanMgr.exe |
| Microsoft.Windows.Console.Host | {FE1FF234-1F09-50A8-D38D-C44FAB43E818} | ConHost.exe |
| Microsoft.Windows.Console.Launcher | {770AA552-671A-5E97-579B-151709EC0DBD} | ConHost.exe |
| Microsoft.Windows.Console.Render.VtEngine | {C9BA2A95-D3CA-5E19-2BD6-776A0910CB9D} | ConHost.exe |
| Microsoft.Windows.Console.VirtualTerminal.Parser | {C9BA2A84-D3CA-5E19-2BD6-776A0910CB9D} | ConHost.exe |
| Microsoft.Windows.ContentDeliveryManager | {8CBA0F81-8AD7-5395-2125-5703822C822A} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.ImmersiveIcons | {A51097AD-C000-5EA3-BBD4-863ADDAEDD23} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.NotificationArea | {653FE5BD-E1D2-5D40-D93C-A551A97CD49A} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.OOBEHealth | {397B9505-A6BA-5951-46EE-84B08FB14812} | Explorer.exe |
| Microsoft.Windows.Desktop.Shell.SoftLanding | {9954158F-EAA7-5AFE-B990-DF3CCE23483A} | Explorer.exe |
| Microsoft.Windows.Dwm.DwmApi | {504665A2-31F7-4B2F-BF1B-9635312E8088} | DwmApi.dll |
| Microsoft_Windows_Dwm_Dwm_Provider | {D29D56EA-4867-4221-B02E-CFD998834075} | Dwm.exe |
| Microsoft_Windows_Dwm_Udwm_Provider | {A2D1C713-093B-43A7-B445-D09370EC9F47} | Dwm.exe |
| Microsoft.Windows.FaultReporting | {1377561D-9312-452C-AD13-C4A1C9C906E0} | WerFault.exe |
| Microsoft.Windows.HangReporting | {3E0D88DE-AE5C-438A-BB1C-C2E627F8AECB} | WerSvc.dll |
| Microsoft.Windows.Licensing.IUI | {753436F5-735D-41FA-B4B7-D68579AC5582} | Explorer.exe |
| Microsoft.Windows.Kernel.Base | {3C74AFB9-8D82-44E3-B52C-365DBF48382A} | KernelBase.dll |
| Microsoft.Windows.Kernel.KernelBase | {05F95EFE-7F75-49C7-A994-60A55CC09571} | KernelBase.dll |
| Microsoft.Windows.Lxss.Manager | {B99CDB5A-039C-5046-E672-1A0DE0A40211} | LxssManager.dll |
| Microsoft.Windows.Lxss.Heartbeat | {0451AB4F-F74D-4008-B491-EB2E5F5D8B89} | LxssManager.dll |
| Microsoft.Windows.MobilityExperience | {5AFB7971-45E5-4D49-AAEB-1B04D39872CF} | Explorer.exe |
| Microsoft-Windows-Network-Setup | {A111F1C2-5923-47C0-9A68-D0BAFB577901} | |
| Microsoft-Windows-Networking-Correlation | {83ED54F0-4D48-4E45-B16E-726FFD1FA4AF} | Rdbss.sys |
| Microsoft.Windows.NTVDM | {70CAA5B8-A8F0-408A-8B53-563BFF7FF2FF} | Kernel32.dll |
| Microsoft.Windows.PerfLib | {BC44FFCD-964B-5B85-8662-0BA87EDAF07A} | AdvApi32.dll |
| Microsoft-Windows-Remotefs-Rdbss | {1A870028-F191-4699-8473-6FCD299EAB77} | Rdbss.sys |
| Microsoft.Windows.Shell.CoCreateInstanceAsSystem | {FFE467F7-4F51-4061-82BE-C2ED8946A961} | Explorer.exe |
| Microsoft.Windows.Shell.ControlCenter | {2C00A440-76DE-4FE3-856F-00557535BE83} | Explorer.exe |
| Microsoft.Windows.Shell.Desktop.LogonFramework | {04D28E21-00AA-5228-CFD0-D70863AA5CE9} | Explorer.exe |
| Microsoft.Windows.Shell.Explorer | {5F1E1B94-A9FE-57D8-ABE7-D29A6DF9E967} | Explorer.exe |
| Microsoft.Windows.Shell.NotificationCenter | {4BFE0FDE-99D6-5630-8A47-DA7BFAEFD876} | Explorer.exe |
| Microsoft.Windows.Shell.PrivacyConsentLogging | {58B09B7D-FD44-5A27-101D-5D2472A7BB42} | Explorer.exe |
| Microsoft.Windows.Shell.ScalingCompat | {2DBD0B99-C886-5C44-9FC2-7220DDF5AAF6} | DwmApi.dll |
| Microsoft.Windows.Shell.StateCapture | {82A0F3C6-C4DC-54FB-F358-354C5026DC61} | Explorer.exe |
| Microsoft.Windows.Shell.Taskbar | {DF8DAB3F-B1C9-58D3-2EA1-4C08592BB71B} | Explorer.exe |
| Microsoft.Windows.Shell.TileBadgeProvider | {34D3FCA3-41F2-4498-B7A0-58708572B583} | Explorer.exe |
| Microsoft.Windows.ShellExperienceDispatcher | {273C19B2-6643-5A58-6288-C336D3688B8D} | Explorer.exe |
| Microsoft.Windows.ShellPlacements | {7CA6A4DD-DAE5-5FB7-EC8E-4A6C648FADF9} | Explorer.exe |
| Microsoft-Windows-Shell-Core | {30336ED4-E327-447C-9DE0-51B652C86108} | |
| Microsoft_Windows_Shell_Core_Provider | {30336ED4-E327-447C-9DE0-51B652C86108} | Explorer.exe |
| Microsoft-Windows-Shell-CortanaProactive | {0E6F34B3-0637-55AB-F0BB-8B8FA83EDA04} | Explorer.exe |
| Microsoft-Windows-Shell-Launcher | {3D6120A6-0986-51C4-213A-E2975903051D} | Explorer.exe |
| Microsoft.Windows.Security.IsolationApi | {B6FD710B-F783-4B1C-AB9C-C68099DCC0C7} | SecHost.dll |
| Microsoft.Windows.Security.MitigationPolicy | {CA967C75-04BF-40B5-9A16-98B5F9332A92} | SecHost.dll |
| Microsoft.Windows.Socket.Afunix | {F3909F63-E473-4DB7-B0F3-458B80B23843} | AfUnix.Sys |
| Microsoft.Windows.Subsystem.Adss | {754E4536-6735-4194-BE81-1374BD2E9B0D} | LxCore.sys |
| Microsoft.Windows.Subsystem.LxCore | {0CD1C309-0878-4515-83DB-749843B3F5C9} | LxCore.sys |
| Microsoft.Windows.Subsystem.Lxss | {D90B9468-67F0-5B3B-42CC-82AC81FFD960} | WslHost.exe |
| Microsoft.Windows.SvchostTelemetryProvider | {06184C97-5201-480E-92AF-3A3626C5B140} | SvcHost.exe |
| Microsoft.Windows.Taskmgr | {2E635D8E-1107-4555-9319-32EEB895AAAE} | TaskMgr.exe |
| Microsoft.Windows.TlgAggregateInternal | {703FCC13-B66F-5868-DDD9-E2DB7F381FFB} | AfUnix.Sys |
| Microsoft-Windows-UAC | {E7558269-3FA5-46ED-9F4D-3C6E282DDE55} | Kernel32.dll |
| Microsoft-Windows-User-Diagnostic | {305FC87B-002A-5E26-D297-60223012CA9C} | |
| Microsoft.Windows.Wil.FeatureLogging | {DCEF5411-1F98-5EE7-238B-5ABD0E078E97} | Explorer.exe |
| Microsoft-Windows-Winsock-AFD | {E53C6823-7BB8-44BB-90DC-3F86090D48A6} | |
| Microsoft.Windows.WindowsErrorReporting | {CC79CF77-70D9-4082-9B52-23F3A3E92FE4} | WerFault.exe |
| Microsoft.Windows.WERSecureVertical | {97945555-B04C-47C0-B399-E453D509A5F0} | WerFaultSecure.exe |
| Microsoft.Windows.WERVertical | {2B87E57E-7BD0-43A3-A278-02E62D59B2B1} | WerFault.exe |
| MSNT_SystemTrace | {9E814AAD-3204-11D2-9A82-006008A86939} | |
| TelemetryAssert | {6D1B249D-131B-468A-899B-FB0AD9551772} | Explorer.exe |
| TelemetryAssertDiagTrack | {E0B47CF8-E776-4EA7-9EC0-93A85B9A7A2B} | Explorer.exe |
| WERSVC_TRIGGER_PROVIDER_GUID | {E46EEAD8-0C54-4489-9898-8FA79D059E0E} | Dwm.exe |
- List of Event Providers from Settings Handlers:
| Provider Name | Provider GUID |
|---|---|
| Microsoft.Geolocation.Service | {89DFBDE8-86E8-489B-9867-EEFDC5E8879B} |
| Microsoft.Geolocation.Verbose | {A313AF2B-A798-470E-9355-F535C3D45F94} |
| Microsoft.OSG.OSS.CredProvFramework | {8DB3086D-116F-5BED-CFD5-9AFDA80D28EA} |
| Microsoft.Windows.AgentActivationRuntime.Settings | {07807C21-ADCC-4884-A34D-3623C990F229} |
| Microsoft.Windows.Analog.Shell.SystemSettings.Handlers | {D8A54C12-11E8-462B-BDD4-7AD5CCF676B6} |
| Microsoft.Windows.Analog.Speech.VoiceDownload | {1616DD48-DB95-4796-A71F-B79485E1B962} |
| Microsoft.Windows.Analog.SystemSettingsHolographicProvider | {61BC3BAA-C439-5E41-B843-9C2564ED57F6} |
| Microsoft.Windows.AssignedAccess | {94097D3D-2A5A-5B8A-CDBD-194DD2E51A00} |
| Microsoft.Windows.Defender.PCSettings | {42D3EAD2-4C3D-4A27-A3A4-BD8BC73BABC0} |
| Microsoft.Windows.Desktop.Shell.CBSWrappers | {B9C4496B-B9BA-584B-68F5-CA2A501AFCDC} |
| Microsoft.Windows.Desktop.Shell.LanguageFeaturesOnDemandSettings | {E613A5D7-363E-5200-B311-02B426D8A73B} |
| Microsoft.Windows.Desktop.Shell.LanguagePackInstallSettings | {17D6A222-AF97-560B-6F18-389900D6AD1E} |
| Microsoft-Windows-Desktop-Shell-SystemSettingsV2-Handlers | {3A245D5A-F00F-48F6-A94B-C51CDD290F18} |
| Microsoft-Windows-Desktop-Shell-Windowing | {F84AA759-31D3-59BF-2C89-3748CF17FD7E} |
| Microsoft.Windows.Desktop.TextInput.KeyboardSettings | {A763F1F4-BDA4-4738-8CB7-EA00F684B80E} |
| Microsoft.Windows.DeviceDelete | {8648E819-0883-4904-B730-D76D8498B521} |
| Microsoft.Windows.ErrorHandling.Fallback | {BF4C9654-66D1-5720-7B51-D2AE226735EA} |
| Microsoft.Windows.Licensing.ActivationUXLib | {692EF39C-05C6-532A-66FF-23D2AB729A21} |
| Microsoft.Windows.Licensing.LicensingRegistration | {FB0A5F93-25EB-493A-A08B-B8CB0325DEBA} |
| Microsoft.Windows.Mobile.Shell.DisplaySettings | {23CD8D50-ED49-5A0B-4562-65DFF962D5F1} |
| Microsoft.Windows.Settings.Accessibility | {79C43BCD-08EA-5914-1E38-9E3008863A0C} |
| Microsoft.Windows.Settings.TelemetryPage | {35437A7A-1330-4383-85E9-D596970932B0} |
| Microsoft.Windows.Shell.BlueLightReduction | {27D5AD5A-66C3-5DF2-FC18-1F9F61D46ABB} |
| Microsoft.Windows.Shell.CoCreateInstanceAsSystem | {FFE467F7-4F51-4061-82BE-C2ED8946A961} |
| Microsoft-Windows-Shell-DisplaySettings | {8FF3B6BA-E06F-59B6-82C3-4CF8E3623322} |
| Microsoft.Windows.Shell.InputDialTrace | {DAE4B0D4-CC23-508B-F041-48E5097A0907} |
| Microsoft.Windows.Shell.LanguageComponentsInstaller | {A245F3C6-C600-5D61-6978-14299DB0CB16} |
| Microsoft.Windows.Shell.NotificationSettings | {33B3EAA6-D8DD-5096-8687-6F520D32FC9E} |
| Microsoft.Windows.Shell.PersonalizeSettingsTelemetry | {6BEE332C-7DDB-5EC2-DEC4-91B8BE7612F8} |
| Microsoft.Windows.Shell.QuickActionSettings | {ED9C68B1-12E1-4AE7-BAAB-2B167A66425A} |
| Microsoft.Windows.Shell.RadialControllerMenu | {7940D73D-D0FC-5959-D4FE-255CAF4C8A64} |
| Microsoft.Windows.Shell.ShareUXSettings | {080E197D-7CC1-54A3-E889-27636425992A} |
| Microsoft.Windows.Shell.SystemSettings.AdvancedGraphics | {9A35425E-61BC-4D68-8542-568A28963ABE} |
| Microsoft.Windows.Shell.SystemSettings.BatterySaver | {571AC9D5-12FD-4438-B630-61FB26BBB0AC} |
| Microsoft.Windows.Shell.SystemSettings.BatterySaver.Desktop | {E04D85E2-56A2-5BB7-5DAB-6F761366A4C2} |
| Microsoft.Windows.Shell.SystemSettings.BluetoothHandler | {56143DD6-AD65-4FB1-972C-6DFA2BEF0916} |
| Microsoft.Windows.Shell.SystemSettings.ClosedCaptioningHandler | {A581B958-01D7-5B43-A776-365ADF9FC460} |
| Microsoft.Windows.Shell.SystemSettings.CorpDeviceManagementSetting | {A8FD7A5B-4323-4172-B85B-F5B78C3C0F9C} |
| Microsoft.Windows.Shell.SystemSettings.FontPreview | {EC696EE4-FAC7-4DF4-9AAA-3862CB16EB4B} |
| Microsoft.Windows.Shell.SystemSettings.HandlersBase | {AB7DF27D-F8D1-546B-9BA0-1ECFE7B3FC3A} |
| Microsoft.Windows.Shell.SystemSettings.Maps | {3FBE2230-5B5B-5871-87F5-9B583E56B82F} |
| Microsoft.Windows.Shell.SystemSettings.MediaRadioManagerSink | {FC27CCE8-72B0-5A6F-8FE3-22BFCFEFD495} |
| Microsoft.Windows.Shell.SystemSettings.OneDriveBackup | {35A6B23C-C542-5414-BC49-B0F81B96A266} |
| Microsoft.Windows.Shell.SystemSettings.Pen | {F323B60D-51FF-5C64-F7D1-F8149E2B3D81} |
| Microsoft.Windows.Shell.SystemSettings.RegionSettings | {44F1A90C-4250-5BAB-F09B-DF45384C6951} |
| Microsoft.Windows.Shell.SystemSettings.RemoteDesktop | {CF652BD1-CF2A-5AE4-16A1-B293FA6381CF} |
| Microsoft.Windows.Shell.SystemSettings.SIUF | {DB7BD825-B56F-48C4-8196-22BC145DDB08} |
| Microsoft.Windows.Shell.SystemSettings.SignInOptionsPage | {55F422C8-0AA0-529D-95F5-8E69B6A29C98} |
| Microsoft.Windows.Shell.SystemSettings.SpeechPlatformSettings | {4445FCA2-F4FF-4469-9DE4-5AC45F690249} |
| Microsoft.Windows.Shell.SystemSettings.StorageSense | {830A1F34-7797-4E31-9B75-C82056330051} |
| Microsoft.Windows.Shell.SystemSettings.SyncTime | {361E40D2-7B9E-51C4-DE42-A7F1E997A1D7} |
| Microsoft.Windows.Shell.SystemSettings.UserPage | {0AE9AD8E-D4D3-5486-F015-498E0B6860EF} |
| Microsoft.Windows.Shell.SystemSettings.WorkAccessHandlers | {80B3FF7A-BAB0-4ED1-958C-E89A6D5557B3} |
| Microsoft.Windows.Shell.ThemeSettings | {89956ECA-39E2-598F-A8FA-8CB6382BD306} |
| Microsoft.Windows.SpeechPlatform.Settings | {ADBB52AD-4E74-56C1-ECBE-CC4539AC4B2D} |
| Microsoft.Windows.Storage.StorageReserve | {057597DF-6FD8-438B-BF6D-190CBF0A914C} |
| Microsoft.Windows.SystemSettings.SettingsHandlers.InkingTypingPrivacy | {A00D2097-96A9-4889-925E-1298E09460A0} |
| Microsoft.Windows.SystemSettings.SettingsHandlers.SpeechPrivacy | {196CBDD6-30A9-5A27-827C-3DF2DEBDB688} |
| Microsoft.Windows.SystemSettings.SettingsHandlers.VoiceAgentActivation | {CA68509F-CA73-462D-8CA6-39C1B5534EE1} |
| Microsoft.Windows.TextInput.ChsIme | {3BD9576D-203C-4B2D-8F1C-2A4574B3BE78} |
| Microsoft.Windows.TextInput.ImeSettings | {C442C41D-98C0-4A33-845D-902ED64F695B} |
| Microsoft.Windows.TlgAggregateInternal | {703FCC13-B66F-5868-DDD9-E2DB7F381FFB} |
| Microsoft.Windows.Xbox.NetworkTroubleshooter | {8B71B3DD-DB44-400D-AE29-B4BE90B9DEB3} |
| WindowsFlightingSettings (Insider builds) | {D43920C8-D57D-4E58-9283-F0FDDD4AFDCB} |
- List of Event Providers from
SecHost!EtwpGuidMap(array of GUIDs):
| Provider Name | Provider GUID |
|---|---|
| EventTraceGuid | {68FDD900-4A3E-11D1-84F4-0000F80464E3} |
| DiskIoGuid | {3D6FA8D4-FE05-11D0-9DDA-00C04FD7BA7C} |
| PageFaultGuid | {3D6FA8D3-FE05-11D0-9DDA-00C04FD7BA7C} |
| ProcessGuid | {3D6FA8D0-FE05-11D0-9DDA-00C04FD7BA7C} |
| FileIoGuid | {90CBDC39-4A3E-11D1-84F4-0000F80464E3} |
| ThreadGuid | {3D6FA8D1-FE05-11D0-9DDA-00C04FD7BA7C} |
| TcpIpGuid | {9A280AC0-C8E0-11D1-84E2-00C04FB998A2} |
| JobGuid | {3282FC76-FEED-498E-8AA7-E70F459D430E} |
| UdpIpGuid | {BF3A50C5-A9C9-4988-A005-2DF0B7C80F80} |
| RegistryGuid | {AE53722E-C863-11D2-8659-00C04FA321A1} |
| DbgPrintGuid | {13976D09-A327-438C-950B-7F03192815C7} |
| EventTraceConfigGuid | {01853A65-418F-4F36-AEFC-DC0F1D2FD235} |
| LbrGuid | {99134383-5248-43FC-834B-529454E75DF3} |
| WnfGuid | {42695762-EA50-497A-9068-5CBBB35E0B95} |
| PoolGuid | {0268A8B6-74FD-4302-9DD0-6E8F1795C0CF} |
| PerfinfoGuid | {CE1DBFB4-137E-4DA6-87B0-3F59AA102CBC} |
| HeapGuid | {222962AB-6180-4B88-A825-346B75F2A24A} |
| ObjectGuid | {89497F50-EFFE-4440-8CF2-CE6B1CDCACA7} |
| PowerGuid | {E43445E0-0903-48C3-B878-FF0FCCEBDD04} |
| ModBoundGuid | {A9152F00-3F58-4BEE-92A1-70C7D079D5DD} |
| ImageLoadGuid | {2CB15D1D-5FC1-11D2-ABE1-00A0C911F518} |
| DpcGuid | {B2D14872-7C5B-463D-8419-EE9BF7D23E04} |
| CcGuid | {7687A439-F752-45B8-B741-321AEC0F8DF9} |
| CritSecGuid | {3AC66736-CC59-4CFF-8115-8DF50E39816B} |
| StackWalkGuid | {DEF2FE46-7BD6-4B80-BD94-F57FE20D0CE3} |
| UmsEventGuid | {9AEC974B-5B8E-4118-9B92-3186D8002CE5} |
| ALPCGuid | {45D8CCCD-539F-4B72-A8B7-5C683142609A} |
| SplitIoGuid | {D837CA92-12B9-44A5-AD6A-3A65B3578AA8} |
| ThreadPoolGuid | {C861D0E2-A2C1-4D36-9F9C-970BAB943A12} |
| HypervisorTraceGuid | {7F2A405C-69B5-4BF9-A1F5-30E8F1AFAB5E} |
| HypervisorXTraceGuid | {2CE9A149-EFFE-42F0-A635-A1D39E26C8F2} |
| IptGuid | {FF1FD2FD-6008-42BB-9E75-00A20051F3BE} |
- List of Event Providers from
nt!EtwpUmglProviders(array of GUIDs):
| Provider Name | Provider GUID |
|---|---|
| HeapRangeGuid | {D781CA11-61C0-4387-B83D-AF52D3D2DD6A} |
| LoadMUIDllGuid | {D3DE60B2-A663-45D5-9826-A0A5949D2CB0} |
| ThreadPoolGuid | {C861D0E2-A2C1-4D36-9F9C-970BAB943A12} |
| UmsTraceGuid | {BDDAD2C1-52D1-4AEA-94D6-B3CA9236F62E} |
| HeapSummaryGuid | {05867806-C246-43EF-A147-E17D2BDB1496} |
| ImageLoadGuid | {2CB15D1D-5FC1-11D2-ABE1-00A0C911F518} |
| HeapGuid | {222962AB-6180-4B88-A825-346B75F2A24A} |
| CritSecGuid | {3AC66736-CC59-4CFF-8115-8DF50E39816B} |
| WnfGuid | {42695762-EA50-497A-9068-5CBBB35E0B95} |
| UmglThreadGuid | {3BEEF58A-6E0F-445D-B2A4-37AB737BD47E} |
- List of Event Providers from
nt!EtwpInitialize:
| Provider Name | Provider GUID |
|---|---|
| SecurityMitigationsProviderGuid | {FAE10392-F0AF-4AC0-B8FF-9F4D920C3CDF} |
| MS_Windows_Security_Adminless_Provider | {EA216962-877B-5B73-F7C5-8AEF5375959E} |
| MS_Windows_Security_LPAC_Provider | {45EEC9E5-4A1B-5446-7AD8-A4AB1313C437} |
| ThreatIntProviderGuid | {F4E1897C-BB5D-5668-F1D8-040F4D8DD344} |
| CVEAuditProviderGuid | {85A62A0D-7E17-485F-9D4F-749A287193A6} |
| KernelAuditApiCallsGuid | {E02A841C-75A3-4FA7-AFC8-AE09CF9B7F23} |
| MS_Windows_Kernel_AppCompat_Provider | {16A1ADC1-9B7F-4CD9-94B3-D8296AB1B130} |
| MemoryProvGuid | {D1D93EF7-E1F2-4F45-9943-03D245FE6C00} |
| FileProvGuid | {EDD08927-9CC4-4E65-B970-C2560FB5C289} |
| DiskProvGuid | {C7BDE69A-E1E0-4177-B6EF-283AD1525271} |
| NetProvGuid | {7DD42A49-5329-4832-8DFD-43D979153A88} |
| PsProvTraceLoggingGuid | {2839FF94-8F12-4E1B-82E3-AF7AF77A450F} |
| PsProvGuid | {22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716} |
| KernelProvGuid | {A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D} |
| EventTracingProvGuid | {B675EC37-BDB6-4648-BC92-F3FDC74D3CA2} |