Windows registry stores two types of data: settings and logs. These are not usual logs, like event logs, but rather some stats or recent activity snapshots.
Paths Event logs and Event Trace Logs: C:\Windows\system32\ config\*.evt winevt\logs\*.evt LogFiles\WMI\* SleepStudy\* C:\Windows\system32\WDI LogFiles\*etl\* {\* Event Viewer 🌈 ❓How could an attacker delete entries from the Event Viewer and what level of access would they need?