detection.wiki

Microsoft-Windows-Shell-ZipFolder

28 events across 1 channel

Event IDTitleChannel
1Diagnostic
2Diagnostic
3Diagnostic
4Diagnostic
5Diagnostic
6Diagnostic
7Diagnostic
8Diagnostic
9Diagnostic
10Diagnostic
11Diagnostic
12Diagnostic
13Diagnostic
14Diagnostic
15Diagnostic
16Diagnostic
17Diagnostic
18Diagnostic
19Diagnostic
20Diagnostic
21Diagnostic
22Diagnostic
23Diagnostic
24Diagnostic
25Diagnostic
26Diagnostic
27Diagnostic
28Diagnostic

Event ID 1 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_ExtractFile
Opcode
Start

Event ID 2 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_ExtractFile
Opcode
Stop

Event ID 3 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_DeleteFile
Opcode
Start

Event ID 4 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_DeleteFile
Opcode
Stop

Event ID 5 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_WizardExtractAll
Opcode
Start

Event ID 6 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_WizardExtractAll
Opcode
Stop

Event ID 7 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_CountFiles
Opcode
Start

Event ID 8 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_CountFiles
Opcode
Stop

Event ID 9 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_QueryCM
Opcode
Start

Event ID 10 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_QueryCM
Opcode
Stop

Event ID 11 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_CheckEncrypted
Opcode
Start

Event ID 12 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_CheckEncrypted
Opcode
Stop

Event ID 13 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_BuildEnumerator
Opcode
Start

Event ID 14 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_BuildEnumerator
Opcode
Stop

Event ID 15 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_DropIn
Opcode
Start

Event ID 16 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_DropIn
Opcode
Stop

Event ID 17 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_OpenItem
Opcode
Start

Event ID 18 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_OpenItem
Opcode
Stop

Event ID 19 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_RemoveItem
Opcode
Start

Event ID 20 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_RemoveItem
Opcode
Stop

Event ID 21 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_RenameItem
Opcode
Start

Event ID 22 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_RenameItem
Opcode
Stop

Event ID 23 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_ApplyProps
Opcode
Start

Event ID 24 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_ApplyProps
Opcode
Stop

Event ID 25 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_LeaveFolder
Opcode
Start

Event ID 26 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_LeaveFolder
Opcode
Stop

Event ID 27 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_AESCheck
Opcode
Start

Event ID 28 —

Provider
Microsoft-Windows-Shell-ZipFolder
Channel
Diagnostic
Task
ZipFolder_AESCheck
Opcode
Stop