detection.wiki

Microsoft-Windows-Sysprep

14 events across 1 channel

Event IDTitleChannel
1001Executing sysprep providers from registry location "BasePath" during Phase.Analytic
1002Finished executing sysprep providers with status ErrorCode.Analytic
2001Calling external function "FunctionName" from "DllName".Analytic
2002External function returned with status DllName.Analytic
3001Loading meta-data file "ActionFilePath".Analytic
3002Loading of meta-data file "ActionFilePath" completed.Analytic
4001Creating action list for component "ComponentName".Analytic
4002Action list for component "ComponentName" created.Analytic
5001Deleting file(s) "FilePattern" from directory "DirectoryPath".Analytic
5002File deletion of "FilePattern" from directory "DirectoryPath" returned with …Analytic
6001Deleting directory "DirectoryPath".Analytic
6002Directory deletion for "DirectoryPath" returned with status ErrorCode.Analytic
7001Starting execution of phase "Phase".Analytic
7002Execution of phase returned status ErrorCode.Analytic

Event ID 1001 — Executing sysprep providers from registry location "BasePath" during Phase.

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
RunRegistryDlls
Opcode
Start

Description

Executing sysprep providers from registry location "BasePath" during Phase.

Message #

Executing sysprep providers from registry location "%1" during %2.

Fields #

NameDescription
BasePath UnicodeString
Phase UnicodeString

Event ID 1002 — Finished executing sysprep providers with status ErrorCode.

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
RunRegistryDlls
Opcode
Stop

Description

Finished executing sysprep providers with status ErrorCode.

Message #

Finished executing sysprep providers with status %1.

Fields #

NameDescription
ErrorCode UInt32

Event ID 2001 — Calling external function "FunctionName" from "DllName".

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
CallExternalProviderFunction
Opcode
Start

Description

Calling external function "FunctionName" from "DllName".

Message #

Calling external function "%2" from "%1".

Fields #

NameDescription
DllName UnicodeString
FunctionName AnsiString
ErrorCode UInt32

Event ID 2002 — External function returned with status DllName.

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
CallExternalProviderFunction
Opcode
Stop

Description

External function returned with status DllName.

Message #

External function returned with status %1.

Fields #

NameDescription
DllName UnicodeString
FunctionName AnsiString
ErrorCode UInt32

Event ID 3001 — Loading meta-data file "ActionFilePath".

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
Loadactionmeta_datafile
Opcode
Start

Description

Loading meta-data file "ActionFilePath".

Message #

Loading meta-data file "%1".

Fields #

NameDescription
ActionFilePath UnicodeString

Event ID 3002 — Loading of meta-data file "ActionFilePath" completed.

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
Loadactionmeta_datafile
Opcode
Stop

Description

Loading of meta-data file "ActionFilePath" completed.

Message #

Loading of meta-data file "%1" completed.

Fields #

NameDescription
ActionFilePath UnicodeString

Event ID 4001 — Creating action list for component "ComponentName".

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
Createlistofactionsforacomponent
Opcode
Start

Description

Creating action list for component "ComponentName".

Message #

Creating action list for component "%1".

Fields #

NameDescription
ComponentName UnicodeString

Event ID 4002 — Action list for component "ComponentName" created.

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
Createlistofactionsforacomponent
Opcode
Stop

Description

Action list for component "ComponentName" created.

Message #

Action list for component "%1" created.

Fields #

NameDescription
ComponentName UnicodeString

Event ID 5001 — Deleting file(s) "FilePattern" from directory "DirectoryPath".

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
Deletingfile(s)ofapattern
Opcode
Start

Description

Deleting file(s) "FilePattern" from directory "DirectoryPath".

Message #

Deleting file(s) "%2" from directory "%1".

Fields #

NameDescription
DirectoryPath UnicodeString
FilePattern UnicodeString

Event ID 5002 — File deletion of "FilePattern" from directory "DirectoryPath" returned with status ErrorCode.

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
Deletingfile(s)ofapattern
Opcode
Stop

Description

File deletion of "FilePattern" from directory "DirectoryPath" returned with status ErrorCode.

Message #

File deletion of "%2" from directory "%1" returned with status %3.

Fields #

NameDescription
DirectoryPath UnicodeString
FilePattern UnicodeString
ErrorCode UInt32

Event ID 6001 — Deleting directory "DirectoryPath".

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
Deleteadirectory
Opcode
Start

Description

Deleting directory "DirectoryPath".

Message #

Deleting directory "%1".

Fields #

NameDescription
DirectoryPath UnicodeString

Event ID 6002 — Directory deletion for "DirectoryPath" returned with status ErrorCode.

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
Deleteadirectory
Opcode
Stop

Description

Directory deletion for "DirectoryPath" returned with status ErrorCode.

Message #

Directory deletion for "%1" returned with status %2.

Fields #

NameDescription
DirectoryPath UnicodeString
ErrorCode UInt32

Event ID 7001 — Starting execution of phase "Phase".

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
Executeanentirephase
Opcode
Start

Description

Starting execution of phase "Phase".

Message #

Starting execution of phase "%1".

Fields #

NameDescription
Phase UnicodeString

Event ID 7002 — Execution of phase returned status ErrorCode.

Provider
Microsoft-Windows-Sysprep
Channel
Analytic
Task
Executeanentirephase
Opcode
Stop

Description

Execution of phase returned status ErrorCode.

Message #

Execution of phase returned status %1.

Fields #

NameDescription
ErrorCode UInt32