Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers
2023-02-21 • IBM
https://securityintelligence.com/posts/direct-kernel-object-manipulation-attacks-etw-providers/
IBM Security X-Force analyzes how attackers with elevated Windows privileges can use kernel post-exploitation to blind Event Tracing for Windows sensors. The report links this tradecraft to an ESET-documented Lazarus payload used against entities in Belgium and the Netherlands for data exfiltration. Lazarus used Direct Kernel Object Manipulation primitives to alter ETW-related kernel structures, reducing operating system, antivirus, and EDR telemetry. The analysis explains ETW registration handles, provider GUIDs, and related kernel structures so defenders can understand which telemetry sources may become unreliable under BYOVD or rootkit-style post-exploitation.