Event ID 10002 — Shutting down application or service 'VMware Snapshot Provider'.
Description
Shutting down application or service 'VMware Snapshot Provider'.
Message #
Fields #
| Name | Description |
|---|---|
RmApplicationEvent.RmSessionId | — |
RmApplicationEvent.FullPath | — |
RmApplicationEvent.DisplayName | — |
RmApplicationEvent.AppVersion | — |
RmApplicationEvent.AppType | — |
RmApplicationEvent.TSSessionId | — |
RmApplicationEvent.Status | — |
RmApplicationEvent.Pid | — |
RmApplicationEvent.nFiles | — |
RmApplicationEvent.Files | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-RestartManager",
"guid": "0888E5EF-9B98-4695-979D-E92CE4247224",
"event_source_name": "",
"event_id": 10002,
"version": 0,
"level": 4,
"task": 0,
"opcode": 0,
"keywords": 9223372036854775808,
"time_created": "2023-11-05T22:27:35.029379+00:00",
"event_record_id": 1464,
"correlation": {},
"execution": {
"process_id": 1520,
"thread_id": 5908
},
"channel": "Application",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-18"
}
},
"user_data": {
"RmApplicationEvent": {
"RmSessionId": 0,
"FullPath": "C:\\Windows\\System32\\dllhost.exe",
"DisplayName": "VMware Snapshot Provider",
"AppVersion": 0,
"AppType": 3,
"TSSessionId": 0,
"Status": 262146,
"Pid": 4400,
"nFiles": 0,
"Files": {
"File": [
""
]
}
}
},
"message": "Shutting down application or service 'VMware Snapshot Provider'."
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline