Hello Swapnil Barai ,
Thank you for posting in Q&A forum.
According to your description, the values in the figure may be the key values of the group policy or the application. When the group policy takes effect or the application starts, they will still be created even if they are deleted.
Or it may be related to system security. If it is related to system security, the system is responsible for managing these items, and there is no need for you to operate. Please rest assured.
You can also try to audit who changed the registry via audit setting in both local group policy setting and registry folder permission.
Enabled audit policy via local group policy setting.
Legacy audit policy:
Computer Configuration\Windows settings\security settings\local policies\audit policy\audit object access
Or use advanced audit policies (advanced audit policies will overwrite all legacy audit policies by default):
Computer Configuration\Windows settings\security settings\Advanced Audit Policy Configuration\Object Access\Audit registry.
Enabled audit permission in registry folder permission.
Note:
If you have never configured any advanced audit policy before, then you need to configure the legacy audit policy.
If you have configured any advanced audit policy before, then you have configured the advanced audit policy.
Once you configured any one advanced audit policies, then all legacy audit policies will be overwritten by default.
After the registry returns again, you can check the event ID in the link below.
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-registry
I hope the information above is helpful. If you have any questions or concerns, please feel free to let us know. Best Regards, Daisy Zhou If the Answer is helpful, please click "Accept Answer" and upvote it.