Event ID 10005 —
Description
DCOM got error "param1" attempting to start the service param2 with arguments "param3" in order to run the server.
Fields #
| Name | Description |
|---|---|
param1 | — |
param2 | — |
param3 | — |
param4 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-DistributedCOM",
"guid": "{1B562E86-B7AA-4131-BADC-B6F3A001407E}",
"event_source_name": "DCOM",
"event_id": 10005,
"version": 0,
"level": 2,
"task": 0,
"opcode": 0,
"keywords": 9259400833873739776,
"time_created": "2019-04-27T21:04:43.704329Z",
"event_record_id": 9256,
"correlation": {},
"execution": {
"process_id": 756,
"thread_id": 4404
},
"channel": "System",
"computer": "DESKTOP-JR78RLP",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"param1": "1068",
"param2": "netprofm",
"param3": "Unavailable",
"param4": "{A47979D2-C419-11D9-A5B4-001185AD2B89}"
}
}
References #
- Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx