detection.wiki

Microsoft-Windows-EtwCollector

3 events across 1 channel

EventTitleChannelSample
1Profiling for target ({ProcessID}) has started.OperationalN
2Profiling for target ({ProcessID}) has stopped.OperationalN
5Machine [Name: {Name}] [OS Description: {OSDescription}] [Architecture: …OperationalN

Event ID 1: Profiling for target ({ProcessID}) has started.

#
Provider
Microsoft-Windows-EtwCollector
Channel
Operational

Description

Profiling for target ({ProcessID}) has started.

Message #

Profiling for target ({ProcessID}) has started.

Fields #

NameDescription
ProcessID

Event ID 2: Profiling for target ({ProcessID}) has stopped.

#
Provider
Microsoft-Windows-EtwCollector
Channel
Operational

Description

Profiling for target ({ProcessID}) has stopped.

Message #

Profiling for target ({ProcessID}) has stopped.

Fields #

NameDescription
ProcessID

Event ID 5: Machine [Name: {Name}] [OS Description: {OSDescription}] [Architecture: {Architecture}].

#
Provider
Microsoft-Windows-EtwCollector
Channel
Operational

Description

Machine [Name: {Name}] [OS Description: {OSDescription}] [Architecture: {Architecture}].

Message #

Machine [Name: {Name}] [OS Description: {OSDescription}] [Architecture: {Architecture}]

Fields #

NameDescription
Name
OSDescription
Architecture