detection.wiki

Microsoft-Windows-LoadPerf › Event 1000

Event ID 1000 — Performance counters for the WmiApRpl!

Provider
Microsoft-Windows-LoadPerf
Channel
Application
Level
Informational

Description

Performance counters for the () service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.

Message #

Performance counters for the %1 (%2) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.

Fields #

NameDescription
EventXML.param1
EventXML.param2
EventXML.binaryDataSize
EventXML.binaryData

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-LoadPerf",
    "guid": "122EE297-BB47-41AE-B265-1CA8D1886D40",
    "event_source_name": "",
    "event_id": 1000,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-07T16:59:11.051894+00:00",
    "event_record_id": 207,
    "correlation": {},
    "execution": {
      "process_id": 4204,
      "thread_id": 4208
    },
    "channel": "Application",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "user_data": {
    "EventXML": {
      "param1": "WmiApRpl",
      "param2": "WmiApRpl",
      "binaryDataSize": 16,
      "binaryData": "7igAAJQpAADvKAAAlSkAAA=="
    }
  },
  "message": "Performance counters for the WmiApRpl!s! (WmiApRpl!s!) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service."
}

References #