detection.wiki

Microsoft-Windows-Kernel-Dump › Event 5

Event ID 5 — Crash dump initialization failed.

Provider
Microsoft-Windows-Kernel-Dump
Channel
Operational
Level
Warning
Task
CrashDumpConfig
Opcode
DumpInitializationFailed.

Description

Crash dump initialization failed. NT status: NTStatus.

Message #

Crash dump initialization failed. NT status: %1.

Fields #

NameDescription
NTStatus UInt32Crash dump initialization failed. NT status.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Kernel-Dump",
    "guid": "17D2A329-4539-5F4D-3435-F510634CE3B9",
    "event_source_name": "",
    "event_id": 5,
    "version": 0,
    "level": 3,
    "task": 2,
    "opcode": 15,
    "keywords": 9223372036854775808,
    "time_created": "2023-10-26T04:16:27.309101+00:00",
    "event_record_id": 1,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "Microsoft-Windows-Kernel-Dump/Operational",
    "computer": "WIN-OQ6R0RVA4NF",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "NTStatus": 3221225487
  },
  "message": ""
}

References #