Event ID 101 — This application took longer than usual to start up, resulting in a performance degradation in the system startup process.

Provider: Microsoft-Windows-Diagnostics-Performance
Channel: Operational
Level: Warning
Task: BootPerformanceMonitoring
Opcode: BootDegradation

Description

This application took longer than usual to start up, resulting in a performance degradation in the system startup process.

Message #

This application took longer than usual to start up, resulting in a performance degradation in the system startup process: 

     File Name		: %3

     Friendly Name		: %5

     Version		: %7

     Total Time		: %8ms

     Degradation Time	: %9ms

     Incident Time (UTC)	: %1

Fields #

Name	Description
`StartTime` FILETIME	—
`NameLength` UInt32	—
`Name` UnicodeString	—
`FriendlyNameLength` UInt32	—
`FriendlyName` UnicodeString	—
`VersionLength` UInt32	—
`Version` UnicodeString	—
`TotalTime` UInt32	—
`DegradationTime` UInt32	—
`PathLength` UInt32	—
`Path` UnicodeString	—
`ProductNameLength` UInt32	—
`ProductName` UnicodeString	—
`CompanyNameLength` UInt32	—
`CompanyName` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Diagnostics-Performance",
    "guid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A",
    "event_source_name": "",
    "event_id": 101,
    "version": 1,
    "level": 3,
    "task": 4002,
    "opcode": 33,
    "keywords": 9223372036854841344,
    "time_created": "2023-11-05T22:33:58.036338+00:00",
    "event_record_id": 44,
    "correlation": {
      "ActivityID": "E4DB489E-1037-0003-0982-DBE43710DA01"
    },
    "execution": {
      "process_id": 3160,
      "thread_id": 3556
    },
    "channel": "Microsoft-Windows-Diagnostics-Performance/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "StartTime": "2023-11-05T22:32:00.970725Z",
    "NameLength": 28,
    "Name": "StartMenuExperienceHost.exe",
    "FriendlyNameLength": 30,
    "FriendlyName": "Windows Start Experience Host",
    "VersionLength": 39,
    "Version": "10.0.22621.2361 (WinBuild.160101.0800)",
    "TotalTime": 6125,
    "DegradationTime": 3625,
    "PathLength": 106,
    "Path": "C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe",
    "ProductNameLength": 37,
    "ProductName": "Microsoft® Windows® Operating System",
    "CompanyNameLength": 22,
    "CompanyName": "Microsoft Corporation"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline