HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows Powershell

##</code><code>##

%SystemRoot%\System32\Winevt\Logs\Application.evtx
%SystemRoot%\System32\Winevt\Logs\Security.evtx
%SystemRoot%\System32\Winevt\Logs\Setup.evtx
%SystemRoot%\System32\Winevt\Logs\System.evtx
%SystemRoot%\System32\Winevt\Logs\ForwardedEvents.evtx