detection.wiki

Microsoft-Windows-Deplorch

5 events across 1 channel

Event IDTitleChannel
1001Starting system services.Analytic
1002Finished starting system services with status ErrorCode.Analytic
2001Running user-provided script: '{CommandLine}'.Analytic
2002Successfully executed script: '{Command}'.Analytic
2003Failed to execute script: '{Command}'.Analytic

Event ID 1001 — Starting system services.

Provider
Microsoft-Windows-Deplorch
Channel
Analytic
Task
StartSystemServices
Opcode
Start

Description

Starting system services.

Message #

Starting system services.

Event ID 1002 — Finished starting system services with status ErrorCode.

Provider
Microsoft-Windows-Deplorch
Channel
Analytic
Task
StartSystemServices
Opcode
Stop

Description

Finished starting system services with status ErrorCode.

Message #

Finished starting system services with status %1.

Fields #

NameDescription
ErrorCode UInt32

Event ID 2001 — Running user-provided script: '{CommandLine}'.

Provider
Microsoft-Windows-Deplorch
Channel
Analytic

Description

Running user-provided script: '{CommandLine}'.

Message #

Running user-provided script: '{CommandLine}'.

Fields #

NameDescription
CommandLine

Event ID 2002 — Successfully executed script: '{Command}'.

Provider
Microsoft-Windows-Deplorch
Channel
Analytic

Description

Successfully executed script: '{Command}'. Exit code is {ExitCode}.

Message #

Successfully executed script: '{Command}'. Exit code is {ExitCode}.

Fields #

NameDescription
Command
ExitCode

Event ID 2003 — Failed to execute script: '{Command}'.

Provider
Microsoft-Windows-Deplorch
Channel
Analytic

Description

Failed to execute script: '{Command}'.Exit code is {ExitCode}.

Message #

Failed to execute script: '{Command}'.Exit code is {ExitCode}.

Fields #

NameDescription
Command
ExitCode