Microsoft-Windows-Resource-Exhaustion-Resolver
17 events across 1 channel
Event ID 1001 — The Windows Resource Exhaustion Resolver started.
Description
The Windows Resource Exhaustion Resolver started.
Message
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Resource-Exhaustion-Resolver",
    "guid": "91F5FB12-FDEA-4095-85D5-614B495CD9DE",
    "event_source_name": "",
    "event_id": 1001,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 11,
    "keywords": 9223372036854779904,
    "time_created": "2023-11-06T00:17:35.591067+00:00",
    "event_record_id": 1,
    "correlation": {},
    "execution": {
      "process_id": 4036,
      "thread_id": 3104
    },
    "channel": "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
    }
  },
  "event_data": {},
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1002 — The Windows Resource Exhaustion Resolver stopped.
Description
The Windows Resource Exhaustion Resolver stopped.
Message
Event ID 1003 — The Windows Resource Exhaustion Resolver received a notification that the computer is low on virtual memory.
Description
The Windows Resource Exhaustion Resolver received a notification that the computer is low on virtual memory. This notification was ignored as it is no longer valid.
Message
Fields
| Name | Type | Description |
|---|---|---|
| TimeSinceLastUI | UInt32 | — |
| EventGenerationTime | FILETIME | — |
| EventType | UInt32 | — |
| DropReasonCode | UInt32 | — |
| TimesUIShown | UInt8 | — |
| MaxCommit | UInt8 | — |
Event ID 1004 — The Windows Resource Exhaustion Resolver close programs UI was launched.
Description
The Windows Resource Exhaustion Resolver close programs UI was launched.
Message
Fields
| Name | Type | Description |
|---|---|---|
| Process_1_Name | UnicodeString | — |
| Process_1_ID | UInt32 | — |
| Process_1_CreationTime | FILETIME | — |
| Process_1_Version | UnicodeString | — |
| Process_2_Name | UnicodeString | — |
| Process_2_ID | UInt32 | — |
| Process_2_CreationTime | FILETIME | — |
| Process_2_Version | UnicodeString | — |
| Process_3_Name | UnicodeString | — |
| Process_3_ID | UInt32 | — |
| Process_3_CreationTime | FILETIME | — |
| Process_3_Version | UnicodeString | — |
| ResolverID | UInt32 | — |
| EventGenerationTime | FILETIME | — |
Event ID 1005 — The Windows Resource Exhaustion Resolver failed to start due to an error.
Event ID 1006 — The Windows Resource Exhaustion Resolver failed to stop due to an error.
Event ID 1007 — The Windows Resource Exhaustion Resolver experienced a memory allocation failure.
Event ID 1008 — The Windows Resource Exhaustion Resolver failed to launch the close programs UI.
Event ID 1009 — The Windows Resource Exhaustion Resolver close programs UI was closed.
Event ID 1010 — Windows could not restore the computer's virtual memory.
Event ID 1011 — Windows could not restore the computer's virtual memory because some programs could not be closed.
Event ID 1012 — Windows successfully restored your computer's virtual memory.
Event ID 1013 — Windows successfully restored your computer's virtual memory without closing any programs.
Event ID 1014 — The Windows Resource Exhaustion Resolver received a notification to perform memory leak diagnosis.
Description
The Windows Resource Exhaustion Resolver received a notification to perform memory leak diagnosis. This notification was processed and dropped.
Message
Fields
| Name | Description |
|---|---|
| DroppedLeakDiagnosisEventInfo.ProcessImageName | — |
| DroppedLeakDiagnosisEventInfo.ProcessId | — |
| DroppedLeakDiagnosisEventInfo.ProcessCreationTime | — |
| DroppedLeakDiagnosisEventInfo.DropReasonCode | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Resource-Exhaustion-Resolver",
    "guid": "91F5FB12-FDEA-4095-85D5-614B495CD9DE",
    "event_source_name": "",
    "event_id": 1014,
    "version": 0,
    "level": 4,
    "task": 5,
    "opcode": 41,
    "keywords": 9223372036854792192,
    "time_created": "2023-11-06T01:57:53.182895+00:00",
    "event_record_id": 5,
    "correlation": {
      "ActivityID": "44552D3D-0E8F-4E4A-B552-A11F4B96A461"
    },
    "execution": {
      "process_id": 4036,
      "thread_id": 10076
    },
    "channel": "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
    }
  },
  "user_data": {
    "DroppedLeakDiagnosisEventInfo": {
      "ProcessImageName": "eclipse.exe",
      "ProcessId": 14244,
      "ProcessCreationTime": "2023-11-06T01:52:45.374765Z",
      "DropReasonCode": 16
    }
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1015 — The Windows Resource Exhaustion Resolver received an event from the Windows Resource Exhaustion Detector.
Description
The Windows Resource Exhaustion Resolver received an event from the Windows Resource Exhaustion Detector.
Message
Fields
| Name | Description |
|---|---|
| EventInfo.Event | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Resource-Exhaustion-Resolver",
    "guid": "91F5FB12-FDEA-4095-85D5-614B495CD9DE",
    "event_source_name": "",
    "event_id": 1015,
    "version": 0,
    "level": 4,
    "task": 3,
    "opcode": 21,
    "keywords": 9223372036854784000,
    "time_created": "2023-11-06T01:57:37.883763+00:00",
    "event_record_id": 4,
    "correlation": {
      "ActivityID": "44552D3D-0E8F-4E4A-B552-A11F4B96A461"
    },
    "execution": {
      "process_id": 4036,
      "thread_id": 10076
    },
    "channel": "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
    }
  },
  "user_data": {
    "EventInfo": {
      "Event": 4
    }
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline