detection.wiki

Microsoft-Windows-OobeLdr

8 events across 1 channel

Event IDTitleChannel
1001OobeLdr.Analytic
1002OobeLdr.Analytic
2001Executing unattend settings pass "Pass".Analytic
2002Finished executing unattend pass with status ErrorCode.Analytic
2003Failed to execute unattend pass with status ErrorCode.Analytic
2004Using unattend file "FilePath" for pass "Pass".Analytic
3001Launching Oobe.Analytic
3002Oobe exited with status ErrorCode.Analytic

Event ID 1001 — OobeLdr.

Provider
Microsoft-Windows-OobeLdr
Channel
Analytic
Task
RunOobeLdr
Opcode
Start

Description

OobeLdr.exe is running with command line "CommandLine".

Message #

OobeLdr.exe is running with command line "%1".

Fields #

NameDescription
CommandLine UnicodeString

Event ID 1002 — OobeLdr.

Provider
Microsoft-Windows-OobeLdr
Channel
Analytic
Task
RunOobeLdr
Opcode
Stop

Description

OobeLdr.exe exiting with status ErrorCode.

Message #

OobeLdr.exe exiting with status %1.

Fields #

NameDescription
ErrorCode UInt32

Event ID 2001 — Executing unattend settings pass "Pass".

Provider
Microsoft-Windows-OobeLdr
Channel
Analytic
Task
OobeLdrProcessUnattend
Opcode
Start

Description

Executing unattend settings pass "Pass".

Message #

Executing unattend settings pass "%1".

Fields #

NameDescription
Pass UnicodeString

Event ID 2002 — Finished executing unattend pass with status ErrorCode.

Provider
Microsoft-Windows-OobeLdr
Channel
Analytic
Task
OobeLdrProcessUnattend
Opcode
Stop

Description

Finished executing unattend pass with status ErrorCode.

Message #

Finished executing unattend pass with status %1.

Fields #

NameDescription
ErrorCode UInt32

Event ID 2003 — Failed to execute unattend pass with status ErrorCode.

Provider
Microsoft-Windows-OobeLdr
Channel
Analytic
Task
OobeLdrProcessUnattend
Opcode
Stop

Description

Failed to execute unattend pass with status ErrorCode.

Message #

Failed to execute unattend pass with status %1.

Fields #

NameDescription
ErrorCode UInt32

Event ID 2004 — Using unattend file "FilePath" for pass "Pass".

Provider
Microsoft-Windows-OobeLdr
Channel
Analytic
Task
OobeLdrProcessUnattend

Description

Using unattend file "FilePath" for pass "Pass".

Message #

Using unattend file "%2" for pass "%1".

Fields #

NameDescription
Pass UnicodeString
FilePath UnicodeString

Event ID 3001 — Launching Oobe.

Provider
Microsoft-Windows-OobeLdr
Channel
Analytic
Task
LaunchOobe
Opcode
Start

Description

Launching Oobe.

Message #

Launching Oobe.

Event ID 3002 — Oobe exited with status ErrorCode.

Provider
Microsoft-Windows-OobeLdr
Channel
Analytic
Task
LaunchOobe
Opcode
Stop

Description

Oobe exited with status ErrorCode.

Message #

Oobe exited with status %1.

Fields #

NameDescription
ErrorCode UInt32