Microsoft-Windows-Shell-Core
2380 events across 5 channels
| Event ID | Title | Channel |
|---|---|---|
| 1 | Diagnostic | |
| 2 | Diagnostic | |
| 3 | Diagnostic | |
| 4 | Diagnostic | |
| 101 | Diagnostic | |
| 102 | Diagnostic | |
| 103 | Diagnostic | |
| 104 | Diagnostic | |
| 105 | Diagnostic | |
| 106 | Diagnostic | |
| 107 | Diagnostic | |
| 108 | Diagnostic | |
| 109 | Diagnostic | |
| 110 | Diagnostic | |
| 111 | Diagnostic | |
| 112 | Diagnostic | |
| 113 | Diagnostic | |
| 114 | Diagnostic | |
| 115 | Diagnostic | |
| 501 | Diagnostic | |
| 502 | Diagnostic | |
| 503 | Diagnostic | |
| 504 | Diagnostic | |
| 505 | Diagnostic | |
| 506 | Diagnostic | |
| 507 | Diagnostic | |
| 508 | Diagnostic | |
| 509 | Diagnostic | |
| 510 | Diagnostic | |
| 1001 | Diagnostic | |
| 1002 | Diagnostic | |
| 1003 | Diagnostic | |
| 1004 | Diagnostic | |
| 1005 | Diagnostic | |
| 1006 | Diagnostic | |
| 1007 | Diagnostic | |
| 1008 | Diagnostic | |
| 1011 | Diagnostic | |
| 1012 | Diagnostic | |
| 1013 | Diagnostic | |
| 1014 | Diagnostic | |
| 1015 | Diagnostic | |
| 1016 | Diagnostic | |
| 1017 | Diagnostic | |
| 1018 | Diagnostic | |
| 1019 | Diagnostic | |
| 1020 | Diagnostic | |
| 1021 | Diagnostic | |
| 1022 | Diagnostic | |
| 1023 | Diagnostic | |
| 1024 | Diagnostic | |
| 1025 | Diagnostic | |
| 1026 | Diagnostic | |
| 1027 | Diagnostic | |
| 1028 | Diagnostic | |
| 1029 | Diagnostic | |
| 1033 | Diagnostic | |
| 1035 | Diagnostic | |
| 1037 | Diagnostic | |
| 1038 | Diagnostic | |
| 1039 | Diagnostic | |
| 1040 | Diagnostic | |
| 1041 | Diagnostic | |
| 1042 | Diagnostic | |
| 1043 | Diagnostic | |
| 1044 | Diagnostic | |
| 1045 | Diagnostic | |
| 1046 | Diagnostic | |
| 1047 | Diagnostic | |
| 1048 | Diagnostic | |
| 1049 | Diagnostic | |
| 1050 | Diagnostic | |
| 1051 | Diagnostic | |
| 1054 | Diagnostic | |
| 1055 | Diagnostic | |
| 1056 | Diagnostic | |
| 1057 | Diagnostic | |
| 1058 | Diagnostic | |
| 1059 | Diagnostic | |
| 1062 | Diagnostic | |
| 1063 | Diagnostic | |
| 1064 | Diagnostic | |
| 1065 | Diagnostic | |
| 1066 | Diagnostic | |
| 1067 | Diagnostic | |
| 1068 | Diagnostic | |
| 1069 | Diagnostic | |
| 1070 | Diagnostic | |
| 1071 | Diagnostic | |
| 1072 | Diagnostic | |
| 1073 | Diagnostic | |
| 1074 | Diagnostic | |
| 1075 | Diagnostic | |
| 1076 | Diagnostic | |
| 1077 | Diagnostic | |
| 1078 | Diagnostic | |
| 1079 | Diagnostic | |
| 1080 | Diagnostic | |
| 1081 | Diagnostic | |
| 1082 | Diagnostic | |
| 1083 | Diagnostic | |
| 1084 | Diagnostic | |
| 1085 | Diagnostic | |
| 1086 | Diagnostic | |
| 1087 | Diagnostic | |
| 1088 | Diagnostic | |
| 1089 | Diagnostic | |
| 1090 | Diagnostic | |
| 1091 | Diagnostic | |
| 1092 | Diagnostic | |
| 1093 | Diagnostic | |
| 1094 | Diagnostic | |
| 1095 | Diagnostic | |
| 1096 | Diagnostic | |
| 1097 | Diagnostic | |
| 1098 | Diagnostic | |
| 1099 | Diagnostic | |
| 1100 | Diagnostic | |
| 1101 | Diagnostic | |
| 1102 | Diagnostic | |
| 1103 | Diagnostic | |
| 1104 | Diagnostic | |
| 1105 | Diagnostic | |
| 1106 | Diagnostic | |
| 1107 | Diagnostic | |
| 1108 | Diagnostic | |
| 1109 | Diagnostic | |
| 1110 | Diagnostic | |
| 1111 | Diagnostic | |
| 1112 | Diagnostic | |
| 1113 | Diagnostic | |
| 1114 | Diagnostic | |
| 1115 | Diagnostic | |
| 1116 | Diagnostic | |
| 1117 | Diagnostic | |
| 1118 | Diagnostic | |
| 1119 | Diagnostic | |
| 1120 | Diagnostic | |
| 1121 | Diagnostic | |
| 1122 | Diagnostic | |
| 1123 | Diagnostic | |
| 1124 | Diagnostic | |
| 1125 | Diagnostic | |
| 1126 | Diagnostic | |
| 1127 | Diagnostic | |
| 1128 | Diagnostic | |
| 1129 | Diagnostic | |
| 1130 | Diagnostic | |
| 1131 | Diagnostic | |
| 1132 | Diagnostic | |
| 1133 | Diagnostic | |
| 1134 | Diagnostic | |
| 1135 | Diagnostic | |
| 1140 | Diagnostic | |
| 1141 | Diagnostic | |
| 1142 | Diagnostic | |
| 1143 | Diagnostic | |
| 1144 | Diagnostic | |
| 1145 | Diagnostic | |
| 1146 | Diagnostic | |
| 1147 | Diagnostic | |
| 1148 | Diagnostic | |
| 1149 | Diagnostic | |
| 1150 | Diagnostic | |
| 1151 | Diagnostic | |
| 1152 | Operational | |
| 1401 | Diagnostic | |
| 1402 | Diagnostic | |
| 1403 | Diagnostic | |
| 1404 | Diagnostic | |
| 1405 | Diagnostic | |
| 1406 | Diagnostic | |
| 1409 | Diagnostic | |
| 1410 | Diagnostic | |
| 1411 | Diagnostic | |
| 1412 | Diagnostic | |
| 1413 | Diagnostic | |
| 1414 | Diagnostic | |
| 1415 | Diagnostic | |
| 1417 | Diagnostic | |
| 1419 | Diagnostic | |
| 1500 | Diagnostic | |
| 1501 | Diagnostic | |
| 1502 | Diagnostic | |
| 1503 | Diagnostic | |
| 1504 | Diagnostic | |
| 1505 | Diagnostic | |
| 1506 | Diagnostic | |
| 1507 | Diagnostic | |
| 1508 | Diagnostic | |
| 1509 | Diagnostic | |
| 1510 | Diagnostic | |
| 1511 | Diagnostic | |
| 1512 | Diagnostic | |
| 1513 | Diagnostic | |
| 1514 | Diagnostic | |
| 1515 | Diagnostic | |
| 1518 | Diagnostic | |
| 1519 | Diagnostic | |
| 1520 | Diagnostic | |
| 1521 | Diagnostic | |
| 1522 | Diagnostic | |
| 1523 | Diagnostic | |
| 1524 | Diagnostic | |
| 1525 | Diagnostic | |
| 1526 | Diagnostic | |
| 1527 | Diagnostic | |
| 1528 | Diagnostic | |
| 1529 | Diagnostic | |
| 1530 | Diagnostic | |
| 1531 | Diagnostic | |
| 1532 | Diagnostic | |
| 1533 | Diagnostic | |
| 1534 | Diagnostic | |
| 1535 | Diagnostic | |
| 1536 | Diagnostic | |
| 1537 | Diagnostic | |
| 1538 | Diagnostic | |
| 1539 | Diagnostic | |
| 1540 | Diagnostic | |
| 1541 | Diagnostic | |
| 1542 | Diagnostic | |
| 1543 | Diagnostic | |
| 1544 | Diagnostic | |
| 1545 | Diagnostic | |
| 1546 | Diagnostic | |
| 1547 | Diagnostic | |
| 1548 | Diagnostic | |
| 1549 | Diagnostic | |
| 1550 | Diagnostic | |
| 1551 | Diagnostic | |
| 1552 | Diagnostic | |
| 1553 | Diagnostic | |
| 1554 | Diagnostic | |
| 1555 | Diagnostic | |
| 1556 | Diagnostic | |
| 1557 | Diagnostic | |
| 1558 | Diagnostic | |
| 1559 | Diagnostic | |
| 1560 | Diagnostic | |
| 1561 | Diagnostic | |
| 1562 | Diagnostic | |
| 1563 | Diagnostic | |
| 1564 | Diagnostic | |
| 1565 | Diagnostic | |
| 1566 | Diagnostic | |
| 1567 | Diagnostic | |
| 1568 | Diagnostic | |
| 1569 | Diagnostic | |
| 1570 | Diagnostic | |
| 1571 | Diagnostic | |
| 1572 | Diagnostic | |
| 1573 | Diagnostic | |
| 1574 | Diagnostic | |
| 1575 | Diagnostic | |
| 1576 | Diagnostic | |
| 1577 | Diagnostic | |
| 1578 | Diagnostic | |
| 1579 | Diagnostic | |
| 1580 | Diagnostic | |
| 1581 | Diagnostic | |
| 1582 | Diagnostic | |
| 1583 | Diagnostic | |
| 1584 | Diagnostic | |
| 1585 | Diagnostic | |
| 1586 | Diagnostic | |
| 1587 | Diagnostic | |
| 1588 | Diagnostic | |
| 1589 | Diagnostic | |
| 1590 | Diagnostic | |
| 1591 | Diagnostic | |
| 1592 | Diagnostic | |
| 1593 | Diagnostic | |
| 1594 | Diagnostic | |
| 1595 | Diagnostic | |
| 1596 | Diagnostic | |
| 1597 | Diagnostic | |
| 1598 | Diagnostic | |
| 1599 | Diagnostic | |
| 1600 | Diagnostic | |
| 1601 | Diagnostic | |
| 1602 | Diagnostic | |
| 1603 | Diagnostic | |
| 1604 | Diagnostic | |
| 1605 | Diagnostic | |
| 1606 | Diagnostic | |
| 1607 | Diagnostic | |
| 1608 | Diagnostic | |
| 1609 | Diagnostic | |
| 1610 | Diagnostic | |
| 1611 | Diagnostic | |
| 1612 | Diagnostic | |
| 1613 | Diagnostic | |
| 1614 | Diagnostic | |
| 1615 | Diagnostic | |
| 1616 | Diagnostic | |
| 1617 | Diagnostic | |
| 1618 | Diagnostic | |
| 1619 | Diagnostic | |
| 1620 | Diagnostic | |
| 1621 | Diagnostic | |
| 1622 | Diagnostic | |
| 1623 | Diagnostic | |
| 1628 | Diagnostic | |
| 1629 | Diagnostic | |
| 1630 | Diagnostic | |
| 1631 | Diagnostic | |
| 1632 | Diagnostic | |
| 1633 | Diagnostic | |
| 1634 | Diagnostic | |
| 1635 | Diagnostic | |
| 1636 | Diagnostic | |
| 1637 | Diagnostic | |
| 1640 | Diagnostic | |
| 1641 | Diagnostic | |
| 1642 | Diagnostic | |
| 1643 | Diagnostic | |
| 1644 | Diagnostic | |
| 1645 | Diagnostic | |
| 1646 | Diagnostic | |
| 1647 | Diagnostic | |
| 1648 | Diagnostic | |
| 1649 | Diagnostic | |
| 1650 | Diagnostic | |
| 1651 | Diagnostic | |
| 1652 | Diagnostic | |
| 1653 | Diagnostic | |
| 1654 | Diagnostic | |
| 1655 | Diagnostic | |
| 1656 | Diagnostic | |
| 1657 | Diagnostic | |
| 1658 | Diagnostic | |
| 1659 | Diagnostic | |
| 1660 | Diagnostic | |
| 1661 | Diagnostic | |
| 1662 | Diagnostic | |
| 1663 | Diagnostic | |
| 1664 | Diagnostic | |
| 1665 | Diagnostic | |
| 1666 | Diagnostic | |
| 1667 | Diagnostic | |
| 1668 | Diagnostic | |
| 1669 | Diagnostic | |
| 1672 | Diagnostic | |
| 1673 | Diagnostic | |
| 1674 | Diagnostic | |
| 1675 | Diagnostic | |
| 1676 | Diagnostic | |
| 1677 | Diagnostic | |
| 1678 | Diagnostic | |
| 1679 | Diagnostic | |
| 1680 | Diagnostic | |
| 1681 | Diagnostic | |
| 1682 | Diagnostic | |
| 1683 | Diagnostic | |
| 1684 | Diagnostic | |
| 1685 | Diagnostic | |
| 1686 | Diagnostic | |
| 1687 | Diagnostic | |
| 1688 | Diagnostic | |
| 1689 | Diagnostic | |
| 1690 | Diagnostic | |
| 1691 | Diagnostic | |
| 1692 | Diagnostic | |
| 1693 | Diagnostic | |
| 1694 | Diagnostic | |
| 1695 | Diagnostic | |
| 1696 | Diagnostic | |
| 1697 | Diagnostic | |
| 1698 | Diagnostic | |
| 1699 | Diagnostic | |
| 1700 | Diagnostic | |
| 1701 | Diagnostic | |
| 1702 | Diagnostic | |
| 1703 | Diagnostic | |
| 1704 | Diagnostic | |
| 1705 | Diagnostic | |
| 1706 | Diagnostic | |
| 1707 | Diagnostic | |
| 1708 | Diagnostic | |
| 1709 | Diagnostic | |
| 1710 | Diagnostic | |
| 1711 | Diagnostic | |
| 1712 | Diagnostic | |
| 1713 | Diagnostic | |
| 1714 | Diagnostic | |
| 1715 | Diagnostic | |
| 2001 | Diagnostic | |
| 2002 | Diagnostic | |
| 2003 | Diagnostic | |
| 2004 | Diagnostic | |
| 2005 | Diagnostic | |
| 2006 | Diagnostic | |
| 2007 | Diagnostic | |
| 2008 | Diagnostic | |
| 2009 | Diagnostic | |
| 2010 | Diagnostic | |
| 2011 | Diagnostic | |
| 2012 | Diagnostic | |
| 2013 | Diagnostic | |
| 2014 | Diagnostic | |
| 2015 | Diagnostic | |
| 2017 | Diagnostic | |
| 2019 | Diagnostic | |
| 2021 | Diagnostic | |
| 2022 | Diagnostic | |
| 2023 | Diagnostic | |
| 2024 | Diagnostic | |
| 2025 | Diagnostic | |
| 2027 | Diagnostic | |
| 2029 | Diagnostic | |
| 2031 | Diagnostic | |
| 2033 | Diagnostic | |
| 2035 | Diagnostic | |
| 2037 | Diagnostic | |
| 2039 | Diagnostic | |
| 2041 | Diagnostic | |
| 2043 | Diagnostic | |
| 2045 | Diagnostic | |
| 2047 | Diagnostic | |
| 2049 | Diagnostic | |
| 2050 | Diagnostic | |
| 2051 | Diagnostic | |
| 2052 | Diagnostic | |
| 2053 | Diagnostic | |
| 2054 | Diagnostic | |
| 2055 | Diagnostic | |
| 2056 | Diagnostic | |
| 2057 | Diagnostic | |
| 2058 | Diagnostic | |
| 2059 | Diagnostic | |
| 2060 | Diagnostic | |
| 2061 | Diagnostic | |
| 2062 | Diagnostic | |
| 2063 | Diagnostic | |
| 2064 | Diagnostic | |
| 2065 | Diagnostic | |
| 2066 | Diagnostic | |
| 2067 | Diagnostic | |
| 2069 | Diagnostic | |
| 2070 | Diagnostic | |
| 2071 | Diagnostic | |
| 2072 | Diagnostic | |
| 3001 | Diagnostic | |
| 3002 | Diagnostic | |
| 3003 | Diagnostic | |
| 3004 | Diagnostic | |
| 3005 | Diagnostic | |
| 3006 | Diagnostic | |
| 3007 | Diagnostic | |
| 3009 | Diagnostic | |
| 3010 | Diagnostic | |
| 3011 | Diagnostic | |
| 3012 | Diagnostic | |
| 3013 | Diagnostic | |
| 3014 | Diagnostic | |
| 3015 | Diagnostic | |
| 3016 | Diagnostic | |
| 4001 | Diagnostic | |
| 4003 | Diagnostic | |
| 4005 | Diagnostic | |
| 4007 | Diagnostic | |
| 4008 | Diagnostic | |
| 4009 | Diagnostic | |
| 5001 | Diagnostic | |
| 5002 | Diagnostic | |
| 5003 | Diagnostic | |
| 5004 | Diagnostic | |
| 5005 | Diagnostic | |
| 6001 | Diagnostic | |
| 6002 | Diagnostic | |
| 6201 | Diagnostic | |
| 6202 | Diagnostic | |
| 6203 | Diagnostic | |
| 6204 | Diagnostic | |
| 6205 | Diagnostic | |
| 6206 | Diagnostic | |
| 6207 | Diagnostic | |
| 6208 | Diagnostic | |
| 6209 | Diagnostic | |
| 6210 | Diagnostic | |
| 6211 | Diagnostic | |
| 6212 | Diagnostic | |
| 6213 | Diagnostic | |
| 6214 | Diagnostic | |
| 6215 | Diagnostic | |
| 6216 | Diagnostic | |
| 6217 | Diagnostic | |
| 6218 | Diagnostic | |
| 6219 | Diagnostic | |
| 6220 | Diagnostic | |
| 6221 | Diagnostic | |
| 6222 | Diagnostic | |
| 6223 | Diagnostic | |
| 6224 | Diagnostic | |
| 6225 | Diagnostic | |
| 6226 | Diagnostic | |
| 6227 | Diagnostic | |
| 6228 | Diagnostic | |
| 6229 | Diagnostic | |
| 6230 | Diagnostic | |
| 6231 | Diagnostic | |
| 6233 | Diagnostic | |
| 6235 | Diagnostic | |
| 6236 | Diagnostic | |
| 6237 | Diagnostic | |
| 6238 | Diagnostic | |
| 6239 | Diagnostic | |
| 6240 | Diagnostic | |
| 6241 | Diagnostic | |
| 6242 | Diagnostic | |
| 6243 | Diagnostic | |
| 6501 | Diagnostic | |
| 6502 | Diagnostic | |
| 6503 | Diagnostic | |
| 6504 | Diagnostic | |
| 6505 | Diagnostic | |
| 6506 | Diagnostic | |
| 6507 | Diagnostic | |
| 6508 | Diagnostic | |
| 6509 | Diagnostic | |
| 6510 | Diagnostic | |
| 6511 | Diagnostic | |
| 6512 | Diagnostic | |
| 6513 | Diagnostic | |
| 6514 | Diagnostic | |
| 6515 | Diagnostic | |
| 6516 | Diagnostic | |
| 6517 | Diagnostic | |
| 6518 | Diagnostic | |
| 7001 | Diagnostic | |
| 7002 | Diagnostic | |
| 7003 | Diagnostic | |
| 7004 | Diagnostic | |
| 7005 | Diagnostic | |
| 7006 | Diagnostic | |
| 8001 | Diagnostic | |
| 8002 | Diagnostic | |
| 8003 | Diagnostic | |
| 8004 | Diagnostic | |
| 8005 | Diagnostic | |
| 8006 | Diagnostic | |
| 9501 | Diagnostic | |
| 9503 | Diagnostic | |
| 9505 | Diagnostic | |
| 9506 | Diagnostic | |
| 9509 | Diagnostic | |
| 9510 | Diagnostic | |
| 9511 | Diagnostic | |
| 9512 | Diagnostic | |
| 9513 | Diagnostic | |
| 9515 | Diagnostic | |
| 9517 | Diagnostic | |
| 9519 | Diagnostic | |
| 9520 | Diagnostic | |
| 9521 | Diagnostic | |
| 9522 | Diagnostic | |
| 9523 | Diagnostic | |
| 9525 | Diagnostic | |
| 9526 | Diagnostic | |
| 9527 | Diagnostic | |
| 9529 | Diagnostic | |
| 9531 | Diagnostic | |
| 9533 | Diagnostic | |
| 9535 | Diagnostic | |
| 9539 | Diagnostic | |
| 9541 | Diagnostic | |
| 9543 | Diagnostic | |
| 9545 | Diagnostic | |
| 9547 | Diagnostic | |
| 9549 | Diagnostic | |
| 9551 | Diagnostic | |
| 9553 | Diagnostic | |
| 9555 | Diagnostic | |
| 9557 | Diagnostic | |
| 9559 | Diagnostic | |
| 9560 | Diagnostic | |
| 9561 | Diagnostic | |
| 9563 | Diagnostic | |
| 9565 | Diagnostic | |
| 9567 | Diagnostic | |
| 9568 | Diagnostic | |
| 9569 | Diagnostic | |
| 9571 | Diagnostic | |
| 9573 | Diagnostic | |
| 9575 | Diagnostic | |
| 9577 | Diagnostic | |
| 9581 | Diagnostic | |
| 9583 | Diagnostic | |
| 9585 | Diagnostic | |
| 9587 | Diagnostic | |
| 9589 | Diagnostic | |
| 9591 | Diagnostic | |
| 9593 | Diagnostic | |
| 9595 | Diagnostic | |
| 9597 | Diagnostic | |
| 9599 | Diagnostic | |
| 9601 | Diagnostic | |
| 9602 | Diagnostic | |
| 9603 | Diagnostic | |
| 9604 | Diagnostic | |
| 9607 | Diagnostic | |
| 9608 | Diagnostic | |
| 9609 | Diagnostic | |
| 9610 | Diagnostic | |
| 9611 | Diagnostic | |
| 9612 | Diagnostic | |
| 9613 | Diagnostic | |
| 9615 | Diagnostic | |
| 9617 | Diagnostic | |
| 9619 | Diagnostic | |
| 9621 | Diagnostic | |
| 9622 | Diagnostic | |
| 9623 | Diagnostic | |
| 9625 | Diagnostic | |
| 9626 | Diagnostic | |
| 9627 | Diagnostic | |
| 9628 | Diagnostic | |
| 9629 | Diagnostic | |
| 9630 | Diagnostic | |
| 9631 | Diagnostic | |
| 9633 | Diagnostic | |
| 9635 | Diagnostic | |
| 9637 | Diagnostic | |
| 9638 | Diagnostic | |
| 9639 | Diagnostic | |
| 9641 | Diagnostic | |
| 9643 | Diagnostic | |
| 9644 | Diagnostic | |
| 9645 | Diagnostic | |
| 9646 | Diagnostic | |
| 9647 | Diagnostic | |
| 9648 | Operational | |
| 9649 | Operational | |
| 9650 | Diagnostic | |
| 9651 | Diagnostic | |
| 9652 | Operational | |
| 9653 | Operational | |
| 9654 | Diagnostic | |
| 9660 | Diagnostic | |
| 9662 | Diagnostic | |
| 9663 | Diagnostic | |
| 9664 | Diagnostic | |
| 9665 | Diagnostic | |
| 9666 | Diagnostic | |
| 9699 | Diagnostic | |
| 9701 | Diagnostic | |
| 9702 | Diagnostic | |
| 9703 | RunOnce commands started. | Operational |
| 9704 | RunOnce commands finished. | Operational |
| 9705 | Started enumeration of commands for registry key 'KeyName'. | Operational |
| 9706 | Finished enumeration of commands for registry key 'KeyName'. | Operational |
| 9707 | Started execution of command 'Command'. | Operational |
| 9708 | Finished execution of command 'Command' (PID PID). | Operational |
| 9709 | Diagnostic | |
| 9710 | Diagnostic | |
| 9711 | Diagnostic | |
| 9712 | Diagnostic | |
| 9713 | Diagnostic | |
| 9714 | Diagnostic | |
| 9716 | Diagnostic | |
| 9717 | Diagnostic | |
| 9801 | Diagnostic | |
| 9802 | Diagnostic | |
| 9803 | Diagnostic | |
| 9804 | Diagnostic | |
| 9805 | Diagnostic | |
| 9806 | Diagnostic | |
| 9808 | Diagnostic | |
| 9810 | Diagnostic | |
| 9811 | Operational | |
| 9812 | Operational | |
| 9901 | Diagnostic | |
| 9902 | Diagnostic | |
| 9903 | Diagnostic | |
| 9904 | Diagnostic | |
| 9905 | Diagnostic | |
| 9906 | Diagnostic | |
| 9907 | Diagnostic | |
| 9909 | Diagnostic | |
| 9910 | Diagnostic | |
| 9911 | Diagnostic | |
| 9912 | Diagnostic | |
| 9913 | Diagnostic | |
| 9914 | Diagnostic | |
| 9915 | Diagnostic | |
| 9916 | Diagnostic | |
| 9917 | Diagnostic | |
| 9918 | Diagnostic | |
| 9919 | Diagnostic | |
| 10001 | Diagnostic | |
| 10002 | Diagnostic | |
| 11001 | Diagnostic | |
| 11003 | Diagnostic | |
| 11004 | Diagnostic | |
| 11005 | Diagnostic | |
| 11006 | Diagnostic | |
| 11007 | Diagnostic | |
| 11009 | Diagnostic | |
| 11010 | Diagnostic | |
| 11011 | Diagnostic | |
| 11013 | Diagnostic | |
| 11014 | Diagnostic | |
| 11015 | Diagnostic | |
| 11016 | Diagnostic | |
| 11017 | Diagnostic | |
| 12001 | Diagnostic | |
| 12101 | Diagnostic | |
| 12102 | Diagnostic | |
| 12103 | Diagnostic | |
| 12104 | Diagnostic | |
| 12105 | Diagnostic | |
| 12106 | Diagnostic | |
| 12107 | Diagnostic | |
| 12108 | Diagnostic | |
| 12109 | Diagnostic | |
| 12110 | Diagnostic | |
| 12111 | Diagnostic | |
| 12112 | Diagnostic | |
| 12113 | Diagnostic | |
| 12114 | Diagnostic | |
| 13001 | Diagnostic | |
| 13002 | Diagnostic | |
| 13003 | Diagnostic | |
| 13004 | Diagnostic | |
| 13005 | Diagnostic | |
| 13006 | Diagnostic | |
| 13007 | Diagnostic | |
| 13008 | Diagnostic | |
| 13101 | Diagnostic | |
| 13102 | Diagnostic | |
| 13501 | Diagnostic | |
| 13502 | Diagnostic | |
| 13503 | Diagnostic | |
| 13505 | Diagnostic | |
| 13507 | Diagnostic | |
| 13509 | Diagnostic | |
| 13511 | Diagnostic | |
| 13513 | Diagnostic | |
| 13515 | Diagnostic | |
| 13517 | Diagnostic | |
| 14001 | Diagnostic | |
| 14002 | Diagnostic | |
| 14003 | Diagnostic | |
| 14004 | Diagnostic | |
| 14005 | Diagnostic | |
| 14006 | Diagnostic | |
| 14007 | Diagnostic | |
| 14008 | Diagnostic | |
| 14009 | Diagnostic | |
| 14101 | Diagnostic | |
| 14102 | Diagnostic | |
| 14103 | Diagnostic | |
| 14104 | Diagnostic | |
| 14201 | Diagnostic | |
| 14202 | Diagnostic | |
| 14203 | Diagnostic | |
| 14204 | Diagnostic | |
| 14205 | Diagnostic | |
| 14206 | Diagnostic | |
| 14207 | Diagnostic | |
| 14209 | Diagnostic | |
| 14211 | Diagnostic | |
| 14213 | Diagnostic | |
| 14215 | Diagnostic | |
| 14216 | Diagnostic | |
| 14217 | Diagnostic | |
| 14219 | Diagnostic | |
| 14220 | Diagnostic | |
| 14501 | Diagnostic | |
| 14502 | Diagnostic | |
| 14503 | Diagnostic | |
| 14504 | Diagnostic | |
| 14505 | Diagnostic | |
| 14506 | Diagnostic | |
| 14507 | Diagnostic | |
| 14508 | Diagnostic | |
| 14509 | Diagnostic | |
| 14510 | Diagnostic | |
| 14511 | Diagnostic | |
| 14512 | Diagnostic | |
| 14513 | Diagnostic | |
| 14514 | Diagnostic | |
| 14515 | Diagnostic | |
| 14516 | Diagnostic | |
| 14517 | Diagnostic | |
| 14518 | Diagnostic | |
| 14519 | Diagnostic | |
| 14520 | Diagnostic | |
| 14521 | Diagnostic | |
| 14522 | Diagnostic | |
| 14523 | Diagnostic | |
| 14524 | Diagnostic | |
| 14525 | Diagnostic | |
| 14526 | Diagnostic | |
| 14527 | Diagnostic | |
| 14528 | Diagnostic | |
| 14529 | Diagnostic | |
| 14530 | Diagnostic | |
| 14531 | Diagnostic | |
| 14532 | Diagnostic | |
| 14533 | Diagnostic | |
| 14534 | Diagnostic | |
| 14535 | Diagnostic | |
| 14536 | Diagnostic | |
| 14537 | Diagnostic | |
| 14538 | Diagnostic | |
| 14539 | Diagnostic | |
| 14540 | Diagnostic | |
| 14541 | Diagnostic | |
| 14542 | Diagnostic | |
| 14543 | Diagnostic | |
| 14544 | Diagnostic | |
| 14545 | Diagnostic | |
| 14546 | Diagnostic | |
| 14547 | Diagnostic | |
| 14548 | Diagnostic | |
| 14549 | Diagnostic | |
| 14550 | Diagnostic | |
| 14551 | Diagnostic | |
| 14552 | Diagnostic | |
| 14553 | Diagnostic | |
| 14554 | Diagnostic | |
| 14555 | Diagnostic | |
| 14556 | Diagnostic | |
| 14557 | Diagnostic | |
| 14558 | Diagnostic | |
| 14559 | Diagnostic | |
| 14560 | Diagnostic | |
| 14561 | Diagnostic | |
| 14563 | Diagnostic | |
| 14564 | Diagnostic | |
| 15001 | Diagnostic | |
| 15002 | Diagnostic | |
| 15003 | Diagnostic | |
| 15004 | Diagnostic | |
| 15501 | Diagnostic | |
| 15502 | Diagnostic | |
| 15503 | Diagnostic | |
| 15504 | Diagnostic | |
| 15505 | Diagnostic | |
| 15506 | Diagnostic | |
| 15507 | Diagnostic | |
| 15508 | Diagnostic | |
| 15509 | Diagnostic | |
| 15510 | Diagnostic | |
| 15511 | Diagnostic | |
| 15512 | Diagnostic | |
| 15513 | Diagnostic | |
| 15514 | Diagnostic | |
| 15515 | Diagnostic | |
| 15516 | Diagnostic | |
| 15517 | Diagnostic | |
| 15518 | Diagnostic | |
| 15519 | Diagnostic | |
| 15520 | Diagnostic | |
| 16501 | Diagnostic | |
| 16502 | Diagnostic | |
| 16503 | Diagnostic | |
| 16504 | Diagnostic | |
| 16505 | Diagnostic | |
| 16506 | Diagnostic | |
| 16507 | Diagnostic | |
| 16508 | Diagnostic | |
| 16509 | Diagnostic | |
| 16510 | Diagnostic | |
| 16511 | Diagnostic | |
| 16512 | Diagnostic | |
| 16513 | Diagnostic | |
| 16514 | Diagnostic | |
| 16600 | Diagnostic | |
| 16601 | Diagnostic | |
| 16602 | Diagnostic | |
| 16603 | Diagnostic | |
| 16604 | Diagnostic | |
| 16605 | Diagnostic | |
| 16606 | Diagnostic | |
| 16607 | Diagnostic | |
| 16608 | Diagnostic | |
| 16609 | Diagnostic | |
| 16610 | Diagnostic | |
| 16611 | Diagnostic | |
| 16612 | Diagnostic | |
| 16613 | Diagnostic | |
| 16614 | Diagnostic | |
| 16615 | Diagnostic | |
| 16616 | Diagnostic | |
| 16617 | Diagnostic | |
| 16618 | Diagnostic | |
| 16619 | Diagnostic | |
| 16620 | Diagnostic | |
| 16621 | Diagnostic | |
| 16700 | Diagnostic | |
| 16701 | Diagnostic | |
| 16702 | Diagnostic | |
| 16703 | Diagnostic | |
| 16704 | Diagnostic | |
| 16705 | Diagnostic | |
| 16706 | Diagnostic | |
| 16707 | Diagnostic | |
| 16708 | Diagnostic | |
| 16709 | Diagnostic | |
| 16710 | Diagnostic | |
| 16711 | Diagnostic | |
| 16712 | Diagnostic | |
| 16713 | Diagnostic | |
| 16714 | Diagnostic | |
| 16715 | Diagnostic | |
| 16716 | Diagnostic | |
| 16717 | Diagnostic | |
| 16718 | Diagnostic | |
| 16719 | Diagnostic | |
| 16720 | Diagnostic | |
| 16721 | Diagnostic | |
| 16722 | Diagnostic | |
| 16723 | Diagnostic | |
| 16724 | Diagnostic | |
| 16725 | Diagnostic | |
| 16726 | Diagnostic | |
| 16727 | Diagnostic | |
| 16728 | Diagnostic | |
| 16729 | Diagnostic | |
| 16801 | Diagnostic | |
| 16803 | Diagnostic | |
| 16804 | Diagnostic | |
| 16805 | Diagnostic | |
| 16807 | Diagnostic | |
| 16809 | Diagnostic | |
| 16811 | Diagnostic | |
| 16813 | Diagnostic | |
| 16815 | Diagnostic | |
| 16817 | Diagnostic | |
| 16901 | Diagnostic | |
| 16902 | Diagnostic | |
| 16903 | Diagnostic | |
| 16904 | Diagnostic | |
| 16905 | Diagnostic | |
| 16906 | Diagnostic | |
| 16907 | Diagnostic | |
| 17001 | Diagnostic | |
| 17002 | Diagnostic | |
| 17003 | Diagnostic | |
| 17004 | Diagnostic | |
| 17005 | Diagnostic | |
| 17006 | Diagnostic | |
| 17007 | Diagnostic | |
| 17008 | Diagnostic | |
| 17009 | Diagnostic | |
| 17010 | Diagnostic | |
| 17101 | Diagnostic | |
| 17103 | Diagnostic | |
| 17105 | Diagnostic | |
| 17107 | Diagnostic | |
| 17109 | Diagnostic | |
| 17111 | Diagnostic | |
| 17113 | Diagnostic | |
| 17115 | Diagnostic | |
| 17117 | Diagnostic | |
| 17119 | Diagnostic | |
| 17121 | Diagnostic | |
| 17501 | Diagnostic | |
| 17502 | Diagnostic | |
| 17503 | Diagnostic | |
| 17504 | Diagnostic | |
| 17505 | Diagnostic | |
| 17506 | Diagnostic | |
| 17507 | Diagnostic | |
| 17508 | Diagnostic | |
| 17509 | Diagnostic | |
| 17510 | Diagnostic | |
| 17511 | Diagnostic | |
| 17512 | Diagnostic | |
| 17513 | Diagnostic | |
| 17514 | Diagnostic | |
| 17515 | Diagnostic | |
| 17516 | Diagnostic | |
| 17517 | Diagnostic | |
| 17518 | Diagnostic | |
| 18001 | Diagnostic | |
| 18003 | Diagnostic | |
| 18005 | Diagnostic | |
| 18006 | Diagnostic | |
| 18007 | Diagnostic | |
| 18008 | Diagnostic | |
| 18009 | Diagnostic | |
| 18010 | Diagnostic | |
| 18011 | Diagnostic | |
| 18012 | Diagnostic | |
| 18013 | Diagnostic | |
| 18015 | Diagnostic | |
| 18017 | Diagnostic | |
| 18018 | Diagnostic | |
| 18501 | Diagnostic | |
| 18503 | Diagnostic | |
| 18505 | Diagnostic | |
| 18506 | Diagnostic | |
| 18507 | Diagnostic | |
| 18508 | Diagnostic | |
| 18509 | Diagnostic | |
| 18511 | Diagnostic | |
| 18512 | Diagnostic | |
| 18513 | Diagnostic | |
| 18514 | Diagnostic | |
| 18515 | Diagnostic | |
| 18516 | Diagnostic | |
| 18517 | Diagnostic | |
| 18518 | Diagnostic | |
| 18521 | Diagnostic | |
| 18522 | Diagnostic | |
| 18523 | Diagnostic | |
| 18524 | Diagnostic | |
| 18525 | Diagnostic | |
| 18526 | Diagnostic | |
| 18527 | Diagnostic | |
| 18528 | Diagnostic | |
| 18529 | Diagnostic | |
| 18530 | Diagnostic | |
| 18531 | Diagnostic | |
| 18532 | Diagnostic | |
| 18533 | Diagnostic | |
| 18534 | Diagnostic | |
| 18535 | Diagnostic | |
| 18536 | Diagnostic | |
| 18537 | Diagnostic | |
| 18538 | Diagnostic | |
| 18539 | Diagnostic | |
| 18540 | Diagnostic | |
| 18541 | Diagnostic | |
| 18543 | Diagnostic | |
| 18544 | Diagnostic | |
| 18545 | Diagnostic | |
| 18546 | Diagnostic | |
| 18547 | Diagnostic | |
| 18548 | Diagnostic | |
| 18549 | Diagnostic | |
| 18550 | Diagnostic | |
| 18551 | Diagnostic | |
| 18552 | Diagnostic | |
| 18553 | Diagnostic | |
| 18554 | Diagnostic | |
| 18555 | Diagnostic | |
| 18556 | Diagnostic | |
| 18557 | Diagnostic | |
| 18558 | Diagnostic | |
| 18559 | Diagnostic | |
| 18560 | Diagnostic | |
| 18561 | Diagnostic | |
| 18563 | Diagnostic | |
| 18565 | Diagnostic | |
| 18567 | Diagnostic | |
| 18568 | Diagnostic | |
| 18569 | Diagnostic | |
| 18570 | Diagnostic | |
| 18571 | Diagnostic | |
| 18573 | Diagnostic | |
| 18575 | Diagnostic | |
| 18576 | Diagnostic | |
| 18577 | Diagnostic | |
| 18578 | Diagnostic | |
| 18579 | Diagnostic | |
| 18580 | Diagnostic | |
| 18581 | Diagnostic | |
| 18582 | Diagnostic | |
| 18583 | Diagnostic | |
| 18584 | Diagnostic | |
| 18585 | Diagnostic | |
| 18586 | Diagnostic | |
| 18587 | Diagnostic | |
| 18588 | Diagnostic | |
| 18589 | Diagnostic | |
| 18590 | Diagnostic | |
| 18591 | Diagnostic | |
| 18592 | Diagnostic | |
| 18593 | Diagnostic | |
| 18594 | Diagnostic | |
| 18595 | Diagnostic | |
| 18596 | Diagnostic | |
| 18597 | Diagnostic | |
| 18598 | Diagnostic | |
| 18599 | Diagnostic | |
| 18600 | Diagnostic | |
| 18601 | Diagnostic | |
| 18602 | Diagnostic | |
| 18603 | Diagnostic | |
| 18604 | Diagnostic | |
| 18605 | Diagnostic | |
| 18606 | Diagnostic | |
| 18607 | Diagnostic | |
| 18608 | Diagnostic | |
| 18609 | Diagnostic | |
| 18610 | Diagnostic | |
| 18611 | Diagnostic | |
| 18612 | Diagnostic | |
| 18613 | Diagnostic | |
| 18614 | Diagnostic | |
| 18615 | Diagnostic | |
| 18616 | Diagnostic | |
| 18617 | Diagnostic | |
| 18618 | Diagnostic | |
| 18619 | Diagnostic | |
| 18620 | Diagnostic | |
| 18621 | Diagnostic | |
| 18622 | Diagnostic | |
| 18623 | Diagnostic | |
| 18624 | Diagnostic | |
| 18625 | Diagnostic | |
| 18626 | Diagnostic | |
| 18627 | Diagnostic | |
| 18628 | Diagnostic | |
| 18629 | Diagnostic | |
| 18630 | Diagnostic | |
| 18631 | Diagnostic | |
| 18632 | Diagnostic | |
| 18633 | Diagnostic | |
| 18634 | Diagnostic | |
| 18635 | Diagnostic | |
| 18636 | Diagnostic | |
| 18637 | Diagnostic | |
| 18638 | Diagnostic | |
| 18639 | Diagnostic | |
| 18640 | Diagnostic | |
| 18641 | Diagnostic | |
| 18642 | Diagnostic | |
| 18645 | Diagnostic | |
| 18646 | Diagnostic | |
| 18649 | Diagnostic | |
| 18650 | Diagnostic | |
| 18653 | Diagnostic | |
| 18654 | Diagnostic | |
| 18657 | Diagnostic | |
| 18658 | Diagnostic | |
| 18659 | Diagnostic | |
| 18660 | Diagnostic | |
| 18661 | Diagnostic | |
| 18663 | Diagnostic | |
| 18664 | Diagnostic | |
| 18665 | Diagnostic | |
| 18669 | Diagnostic | |
| 18675 | Diagnostic | |
| 18676 | Diagnostic | |
| 18677 | Diagnostic | |
| 18678 | Diagnostic | |
| 18679 | Diagnostic | |
| 18680 | Diagnostic | |
| 18681 | Diagnostic | |
| 18682 | Diagnostic | |
| 18683 | Diagnostic | |
| 18684 | Diagnostic | |
| 18685 | Diagnostic | |
| 18686 | Diagnostic | |
| 18687 | Diagnostic | |
| 18688 | Diagnostic | |
| 18689 | Diagnostic | |
| 18690 | Diagnostic | |
| 18691 | Diagnostic | |
| 18692 | Diagnostic | |
| 18693 | Diagnostic | |
| 18694 | Diagnostic | |
| 18695 | Diagnostic | |
| 18696 | Diagnostic | |
| 18697 | Diagnostic | |
| 18698 | Diagnostic | |
| 18699 | Diagnostic | |
| 18700 | Diagnostic | |
| 18701 | Diagnostic | |
| 18702 | Diagnostic | |
| 18703 | Diagnostic | |
| 18705 | Diagnostic | |
| 18707 | Diagnostic | |
| 18708 | Diagnostic | |
| 18709 | Diagnostic | |
| 18710 | Diagnostic | |
| 18711 | Diagnostic | |
| 18712 | Diagnostic | |
| 18713 | Diagnostic | |
| 18714 | Diagnostic | |
| 18715 | Diagnostic | |
| 18716 | Diagnostic | |
| 18717 | Diagnostic | |
| 18718 | Diagnostic | |
| 18719 | Diagnostic | |
| 18720 | Diagnostic | |
| 18721 | Diagnostic | |
| 18722 | Diagnostic | |
| 18723 | Diagnostic | |
| 18724 | Diagnostic | |
| 18725 | Diagnostic | |
| 18726 | Diagnostic | |
| 18727 | Diagnostic | |
| 18728 | Diagnostic | |
| 18729 | Diagnostic | |
| 18730 | Diagnostic | |
| 18731 | Diagnostic | |
| 18732 | Diagnostic | |
| 18733 | Diagnostic | |
| 18734 | Diagnostic | |
| 18735 | Diagnostic | |
| 18736 | Diagnostic | |
| 18737 | Diagnostic | |
| 18738 | Diagnostic | |
| 18739 | Diagnostic | |
| 18740 | Diagnostic | |
| 18741 | Diagnostic | |
| 18742 | Diagnostic | |
| 18743 | Diagnostic | |
| 18745 | Diagnostic | |
| 18747 | Diagnostic | |
| 18749 | Diagnostic | |
| 18751 | Diagnostic | |
| 18752 | Diagnostic | |
| 18753 | Diagnostic | |
| 18755 | Diagnostic | |
| 18761 | Diagnostic | |
| 18762 | Diagnostic | |
| 18763 | Diagnostic | |
| 18764 | Diagnostic | |
| 18765 | Diagnostic | |
| 18766 | Diagnostic | |
| 18767 | Diagnostic | |
| 18768 | Diagnostic | |
| 18769 | Diagnostic | |
| 18770 | Diagnostic | |
| 18771 | Diagnostic | |
| 18773 | Diagnostic | |
| 18775 | Diagnostic | |
| 18776 | Diagnostic | |
| 18777 | Diagnostic | |
| 18778 | Diagnostic | |
| 18779 | Diagnostic | |
| 18780 | Diagnostic | |
| 18781 | Diagnostic | |
| 18782 | Diagnostic | |
| 18783 | Diagnostic | |
| 18784 | Diagnostic | |
| 18787 | Diagnostic | |
| 18788 | Diagnostic | |
| 18789 | Diagnostic | |
| 18790 | Diagnostic | |
| 18791 | Diagnostic | |
| 18792 | Diagnostic | |
| 18793 | Diagnostic | |
| 18794 | Diagnostic | |
| 18795 | Diagnostic | |
| 18796 | Diagnostic | |
| 18797 | Diagnostic | |
| 18798 | Diagnostic | |
| 18799 | Diagnostic | |
| 18800 | Diagnostic | |
| 18801 | Diagnostic | |
| 18802 | Diagnostic | |
| 18803 | Diagnostic | |
| 18804 | Diagnostic | |
| 18805 | Diagnostic | |
| 18806 | Diagnostic | |
| 18807 | Diagnostic | |
| 18809 | Diagnostic | |
| 18810 | Diagnostic | |
| 18811 | Diagnostic | |
| 18812 | Diagnostic | |
| 18813 | Diagnostic | |
| 18814 | Diagnostic | |
| 18815 | Diagnostic | |
| 18816 | Diagnostic | |
| 18817 | Diagnostic | |
| 18818 | Diagnostic | |
| 18819 | Diagnostic | |
| 18820 | Diagnostic | |
| 18821 | Diagnostic | |
| 18823 | Diagnostic | |
| 18825 | Diagnostic | |
| 18826 | Diagnostic | |
| 18827 | Diagnostic | |
| 18828 | Diagnostic | |
| 18829 | Diagnostic | |
| 18830 | Diagnostic | |
| 18831 | Diagnostic | |
| 18832 | Diagnostic | |
| 18833 | Diagnostic | |
| 18834 | Diagnostic | |
| 18835 | Diagnostic | |
| 18836 | Diagnostic | |
| 18837 | Diagnostic | |
| 18838 | Diagnostic | |
| 18841 | Diagnostic | |
| 18843 | Diagnostic | |
| 18844 | Diagnostic | |
| 18845 | Diagnostic | |
| 18847 | Diagnostic | |
| 18848 | Diagnostic | |
| 18849 | Diagnostic | |
| 18850 | Diagnostic | |
| 18851 | Diagnostic | |
| 18852 | Diagnostic | |
| 18853 | Diagnostic | |
| 18855 | Diagnostic | |
| 18857 | Diagnostic | |
| 18858 | Diagnostic | |
| 18859 | Diagnostic | |
| 18860 | Diagnostic | |
| 18861 | Diagnostic | |
| 18862 | Diagnostic | |
| 18863 | Diagnostic | |
| 18864 | Diagnostic | |
| 18865 | Diagnostic | |
| 18867 | Diagnostic | |
| 18868 | Diagnostic | |
| 18869 | Diagnostic | |
| 18870 | Diagnostic | |
| 18871 | Diagnostic | |
| 18873 | Diagnostic | |
| 18875 | Diagnostic | |
| 18877 | Diagnostic | |
| 18878 | Diagnostic | |
| 18879 | Diagnostic | |
| 18880 | Diagnostic | |
| 18881 | Diagnostic | |
| 18882 | Diagnostic | |
| 18883 | Diagnostic | |
| 18884 | Diagnostic | |
| 18885 | Diagnostic | |
| 18886 | Diagnostic | |
| 18887 | Diagnostic | |
| 18888 | Diagnostic | |
| 18889 | Diagnostic | |
| 18901 | Diagnostic | |
| 18902 | Diagnostic | |
| 18903 | Diagnostic | |
| 18905 | Diagnostic | |
| 18907 | Diagnostic | |
| 18909 | Diagnostic | |
| 18911 | Diagnostic | |
| 18913 | Diagnostic | |
| 18915 | Diagnostic | |
| 18917 | Diagnostic | |
| 18918 | Diagnostic | |
| 18919 | Diagnostic | |
| 18920 | Diagnostic | |
| 18921 | Diagnostic | |
| 18922 | Diagnostic | |
| 18923 | Diagnostic | |
| 18924 | Diagnostic | |
| 18925 | Diagnostic | |
| 18927 | Diagnostic | |
| 18929 | Diagnostic | |
| 18931 | Diagnostic | |
| 18932 | Diagnostic | |
| 18933 | Diagnostic | |
| 18934 | Diagnostic | |
| 18935 | Diagnostic | |
| 18936 | Diagnostic | |
| 18937 | Diagnostic | |
| 18939 | Diagnostic | |
| 18941 | Diagnostic | |
| 18943 | Diagnostic | |
| 18950 | Diagnostic | |
| 18951 | Diagnostic | |
| 18952 | Diagnostic | |
| 18953 | Diagnostic | |
| 18954 | Diagnostic | |
| 18955 | Diagnostic | |
| 18956 | Diagnostic | |
| 18957 | Diagnostic | |
| 18958 | Diagnostic | |
| 18959 | Diagnostic | |
| 18960 | Diagnostic | |
| 18961 | Diagnostic | |
| 18962 | Diagnostic | |
| 18963 | Diagnostic | |
| 18964 | Diagnostic | |
| 18970 | Diagnostic | |
| 18972 | Diagnostic | |
| 18974 | Diagnostic | |
| 18976 | Diagnostic | |
| 18978 | Diagnostic | |
| 18980 | Diagnostic | |
| 19001 | Diagnostic | |
| 19002 | Diagnostic | |
| 19003 | Diagnostic | |
| 19004 | Diagnostic | |
| 19005 | Diagnostic | |
| 19006 | Diagnostic | |
| 19007 | Diagnostic | |
| 19101 | Diagnostic | |
| 19201 | Diagnostic | |
| 19203 | Diagnostic | |
| 19205 | Diagnostic | |
| 19207 | Diagnostic | |
| 19209 | Diagnostic | |
| 19211 | Diagnostic | |
| 19401 | Diagnostic | |
| 19403 | Diagnostic | |
| 19405 | Diagnostic | |
| 19407 | Diagnostic | |
| 19409 | Diagnostic | |
| 19411 | Diagnostic | |
| 19413 | Diagnostic | |
| 19415 | Diagnostic | |
| 19417 | Diagnostic | |
| 19419 | Diagnostic | |
| 19421 | Diagnostic | |
| 19423 | Diagnostic | |
| 19425 | Diagnostic | |
| 19427 | Diagnostic | |
| 19429 | Diagnostic | |
| 19431 | Diagnostic | |
| 19433 | Diagnostic | |
| 19435 | Diagnostic | |
| 19437 | Diagnostic | |
| 19439 | Diagnostic | |
| 19441 | Diagnostic | |
| 19443 | Diagnostic | |
| 19501 | Diagnostic | |
| 19502 | Diagnostic | |
| 19503 | Diagnostic | |
| 19504 | Diagnostic | |
| 19601 | Diagnostic | |
| 19602 | Diagnostic | |
| 19603 | Diagnostic | |
| 19604 | Diagnostic | |
| 19605 | Diagnostic | |
| 19606 | Diagnostic | |
| 19607 | Diagnostic | |
| 19608 | Diagnostic | |
| 19611 | Diagnostic | |
| 19613 | Diagnostic | |
| 19615 | Diagnostic | |
| 19617 | Diagnostic | |
| 19619 | Diagnostic | |
| 19621 | Diagnostic | |
| 19623 | Diagnostic | |
| 19625 | Diagnostic | |
| 19627 | Diagnostic | |
| 19628 | Diagnostic | |
| 19635 | Diagnostic | |
| 19636 | Diagnostic | |
| 19801 | Diagnostic | |
| 19803 | Diagnostic | |
| 19804 | Diagnostic | |
| 19805 | Diagnostic | |
| 19900 | Diagnostic | |
| 20001 | Diagnostic | |
| 20002 | Diagnostic | |
| 20003 | Diagnostic | |
| 20004 | Diagnostic | |
| 20005 | Diagnostic | |
| 20006 | Diagnostic | |
| 20007 | Diagnostic | |
| 20009 | Diagnostic | |
| 20011 | Diagnostic | |
| 20013 | Diagnostic | |
| 20015 | Diagnostic | |
| 20017 | Diagnostic | |
| 20019 | Diagnostic | |
| 20021 | Diagnostic | |
| 20023 | Diagnostic | |
| 20025 | Diagnostic | |
| 20027 | Diagnostic | |
| 20029 | Diagnostic | |
| 20031 | Diagnostic | |
| 20033 | Diagnostic | |
| 20035 | Diagnostic | |
| 20037 | Diagnostic | |
| 20039 | Diagnostic | |
| 20041 | Diagnostic | |
| 20043 | Diagnostic | |
| 20045 | Diagnostic | |
| 20047 | Diagnostic | |
| 20049 | Diagnostic | |
| 20051 | Diagnostic | |
| 20053 | Diagnostic | |
| 20055 | Diagnostic | |
| 20057 | Diagnostic | |
| 20059 | Diagnostic | |
| 20061 | Diagnostic | |
| 20063 | Diagnostic | |
| 20065 | Diagnostic | |
| 20066 | Diagnostic | |
| 20067 | Diagnostic | |
| 20068 | Diagnostic | |
| 20069 | Diagnostic | |
| 20070 | Diagnostic | |
| 20071 | Diagnostic | |
| 20072 | Diagnostic | |
| 20073 | Diagnostic | |
| 20075 | Diagnostic | |
| 20076 | Diagnostic | |
| 20102 | Diagnostic | |
| 20103 | Diagnostic | |
| 20104 | Diagnostic | |
| 20105 | Diagnostic | |
| 20106 | Diagnostic | |
| 20107 | Diagnostic | |
| 20108 | Diagnostic | |
| 20109 | Diagnostic | |
| 20111 | Diagnostic | |
| 20112 | Diagnostic | |
| 20900 | Diagnostic | |
| 20901 | Diagnostic | |
| 20902 | Diagnostic | |
| 20903 | Diagnostic | |
| 20905 | Diagnostic | |
| 20906 | Diagnostic | |
| 20907 | Diagnostic | |
| 20908 | Diagnostic | |
| 20909 | Diagnostic | |
| 20910 | Diagnostic | |
| 20911 | Diagnostic | |
| 20912 | Diagnostic | |
| 20914 | Diagnostic | |
| 20915 | Diagnostic | |
| 20916 | Diagnostic | |
| 20917 | Diagnostic | |
| 20918 | Diagnostic | |
| 20919 | Diagnostic | |
| 20920 | Diagnostic | |
| 20921 | Diagnostic | |
| 21001 | Diagnostic | |
| 21002 | Diagnostic | |
| 21003 | Diagnostic | |
| 21004 | Diagnostic | |
| 21005 | Diagnostic | |
| 21006 | Diagnostic | |
| 21007 | Diagnostic | |
| 21009 | Diagnostic | |
| 21011 | Diagnostic | |
| 21013 | Diagnostic | |
| 21015 | Diagnostic | |
| 21017 | Diagnostic | |
| 21018 | Diagnostic | |
| 22001 | Diagnostic | |
| 22002 | Diagnostic | |
| 22003 | Diagnostic | |
| 22004 | Diagnostic | |
| 22005 | Diagnostic | |
| 22006 | Diagnostic | |
| 22007 | Diagnostic | |
| 22009 | Diagnostic | |
| 22011 | Diagnostic | |
| 22013 | Diagnostic | |
| 22014 | Diagnostic | |
| 22015 | Diagnostic | |
| 22017 | Diagnostic | |
| 22018 | Diagnostic | |
| 22019 | Diagnostic | |
| 22020 | Diagnostic | |
| 22021 | Diagnostic | |
| 22022 | Diagnostic | |
| 22023 | Diagnostic | |
| 22025 | Diagnostic | |
| 22026 | Diagnostic | |
| 22027 | Diagnostic | |
| 22028 | Diagnostic | |
| 22029 | Diagnostic | |
| 22030 | Diagnostic | |
| 22031 | Diagnostic | |
| 22032 | Diagnostic | |
| 22033 | Diagnostic | |
| 22034 | Diagnostic | |
| 22035 | Diagnostic | |
| 22036 | Diagnostic | |
| 22037 | Diagnostic | |
| 22038 | Diagnostic | |
| 22039 | Diagnostic | |
| 22040 | Diagnostic | |
| 22041 | Diagnostic | |
| 22042 | Diagnostic | |
| 22043 | Diagnostic | |
| 22044 | Diagnostic | |
| 22045 | Diagnostic | |
| 22046 | Diagnostic | |
| 22047 | Diagnostic | |
| 22048 | Diagnostic | |
| 22049 | Diagnostic | |
| 22050 | Diagnostic | |
| 22051 | Diagnostic | |
| 22052 | Diagnostic | |
| 22053 | Diagnostic | |
| 22054 | Diagnostic | |
| 22055 | Diagnostic | |
| 22056 | Diagnostic | |
| 22057 | Diagnostic | |
| 22058 | Diagnostic | |
| 22059 | Diagnostic | |
| 22060 | Diagnostic | |
| 22061 | Diagnostic | |
| 22062 | Diagnostic | |
| 22063 | Diagnostic | |
| 22064 | Diagnostic | |
| 22065 | Diagnostic | |
| 22066 | Diagnostic | |
| 22067 | Diagnostic | |
| 22068 | Diagnostic | |
| 22069 | Diagnostic | |
| 22070 | Diagnostic | |
| 22071 | Diagnostic | |
| 22072 | Diagnostic | |
| 22073 | Diagnostic | |
| 22074 | Diagnostic | |
| 22075 | Diagnostic | |
| 22076 | Diagnostic | |
| 22077 | Diagnostic | |
| 22078 | Diagnostic | |
| 22079 | Diagnostic | |
| 22080 | Diagnostic | |
| 22081 | Diagnostic | |
| 22082 | Operational | |
| 22083 | Operational | |
| 23001 | Diagnostic | |
| 23002 | Diagnostic | |
| 23003 | Diagnostic | |
| 23004 | Diagnostic | |
| 23005 | Diagnostic | |
| 23006 | Diagnostic | |
| 23007 | Diagnostic | |
| 23008 | Diagnostic | |
| 23009 | Diagnostic | |
| 23010 | Diagnostic | |
| 23011 | Diagnostic | |
| 23012 | Diagnostic | |
| 23013 | Diagnostic | |
| 23101 | Diagnostic | |
| 23110 | Diagnostic | |
| 23111 | Diagnostic | |
| 23201 | Diagnostic | |
| 23203 | Diagnostic | |
| 23205 | Diagnostic | |
| 26001 | Diagnostic | |
| 26002 | Diagnostic | |
| 26003 | Diagnostic | |
| 26004 | Diagnostic | |
| 26005 | Diagnostic | |
| 26006 | Diagnostic | |
| 26007 | Diagnostic | |
| 26009 | Diagnostic | |
| 26010 | Diagnostic | |
| 26011 | Diagnostic | |
| 27002 | Diagnostic | |
| 27004 | Diagnostic | |
| 27005 | Diagnostic | |
| 27006 | Diagnostic | |
| 27007 | Diagnostic | |
| 27008 | Diagnostic | |
| 27009 | Diagnostic | |
| 27010 | Diagnostic | |
| 27011 | Diagnostic | |
| 27012 | Diagnostic | |
| 27013 | Diagnostic | |
| 27014 | Diagnostic | |
| 27015 | Diagnostic | |
| 27016 | Diagnostic | |
| 27018 | Diagnostic | |
| 27020 | Diagnostic | |
| 27022 | Diagnostic | |
| 27024 | Diagnostic | |
| 27026 | Diagnostic | |
| 27028 | Diagnostic | |
| 27030 | Diagnostic | |
| 27032 | Diagnostic | |
| 27034 | Diagnostic | |
| 27036 | Diagnostic | |
| 27038 | Diagnostic | |
| 27040 | Diagnostic | |
| 27042 | Diagnostic | |
| 27044 | Diagnostic | |
| 27046 | Diagnostic | |
| 27048 | Diagnostic | |
| 27050 | Diagnostic | |
| 27052 | Diagnostic | |
| 27054 | Diagnostic | |
| 27056 | Diagnostic | |
| 27058 | Diagnostic | |
| 27060 | Diagnostic | |
| 27062 | Diagnostic | |
| 27064 | Diagnostic | |
| 27078 | Diagnostic | |
| 27080 | Diagnostic | |
| 27082 | Diagnostic | |
| 27084 | Diagnostic | |
| 27086 | Diagnostic | |
| 27088 | Diagnostic | |
| 27090 | Diagnostic | |
| 27092 | Diagnostic | |
| 27094 | Diagnostic | |
| 27096 | Diagnostic | |
| 27098 | Diagnostic | |
| 27100 | Diagnostic | |
| 27102 | Diagnostic | |
| 27104 | Diagnostic | |
| 27106 | Diagnostic | |
| 27108 | Diagnostic | |
| 27110 | Diagnostic | |
| 27112 | Diagnostic | |
| 27114 | Diagnostic | |
| 27116 | Diagnostic | |
| 27118 | Diagnostic | |
| 27120 | Diagnostic | |
| 27122 | Diagnostic | |
| 27124 | Diagnostic | |
| 27126 | Diagnostic | |
| 27128 | Diagnostic | |
| 27142 | Diagnostic | |
| 27144 | Diagnostic | |
| 27145 | Diagnostic | |
| 27146 | Diagnostic | |
| 27147 | Diagnostic | |
| 27148 | Diagnostic | |
| 27149 | Diagnostic | |
| 27151 | Diagnostic | |
| 27152 | Diagnostic | |
| 27153 | Diagnostic | |
| 27154 | Diagnostic | |
| 27155 | Diagnostic | |
| 27156 | Diagnostic | |
| 27157 | Diagnostic | |
| 27158 | Diagnostic | |
| 27159 | Diagnostic | |
| 27160 | Diagnostic | |
| 27161 | Diagnostic | |
| 27162 | Diagnostic | |
| 27163 | Diagnostic | |
| 27164 | Diagnostic | |
| 27165 | Diagnostic | |
| 27166 | Diagnostic | |
| 27168 | Diagnostic | |
| 27170 | Diagnostic | |
| 27172 | Diagnostic | |
| 27173 | Diagnostic | |
| 27174 | Diagnostic | |
| 27176 | Diagnostic | |
| 27178 | Diagnostic | |
| 27180 | Diagnostic | |
| 27182 | Diagnostic | |
| 27184 | Diagnostic | |
| 27186 | Diagnostic | |
| 27188 | Diagnostic | |
| 27190 | Diagnostic | |
| 27191 | Diagnostic | |
| 27192 | Diagnostic | |
| 27193 | Diagnostic | |
| 27194 | Diagnostic | |
| 27195 | Diagnostic | |
| 27196 | Diagnostic | |
| 27197 | Diagnostic | |
| 27198 | Diagnostic | |
| 27199 | Diagnostic | |
| 27200 | Diagnostic | |
| 27202 | Diagnostic | |
| 27203 | Diagnostic | |
| 27204 | Diagnostic | |
| 27206 | Diagnostic | |
| 27208 | Diagnostic | |
| 27209 | Diagnostic | |
| 27210 | Diagnostic | |
| 27211 | Diagnostic | |
| 27212 | Diagnostic | |
| 27213 | Diagnostic | |
| 27214 | Diagnostic | |
| 27215 | Diagnostic | |
| 27216 | Diagnostic | |
| 27217 | Diagnostic | |
| 27218 | Diagnostic | |
| 27221 | Diagnostic | |
| 27222 | Diagnostic | |
| 27223 | Diagnostic | |
| 27224 | Diagnostic | |
| 27226 | Diagnostic | |
| 27227 | Diagnostic | |
| 27229 | Diagnostic | |
| 27230 | Diagnostic | |
| 27231 | Diagnostic | |
| 27233 | Diagnostic | |
| 27234 | Diagnostic | |
| 27235 | Diagnostic | |
| 27236 | Diagnostic | |
| 27237 | Diagnostic | |
| 27238 | Diagnostic | |
| 27239 | Diagnostic | |
| 27240 | Diagnostic | |
| 27241 | Diagnostic | |
| 27242 | Diagnostic | |
| 27243 | Diagnostic | |
| 27244 | Diagnostic | |
| 27248 | Diagnostic | |
| 27250 | Diagnostic | |
| 27252 | Diagnostic | |
| 27254 | Diagnostic | |
| 27255 | Diagnostic | |
| 27256 | Diagnostic | |
| 27257 | Diagnostic | |
| 28003 | Diagnostic | |
| 28004 | Diagnostic | |
| 28017 | AppResolver Scan Started. | Operational |
| 28018 | AppResolver Scan Stopped. | Operational |
| 28019 | AppResolver Cache Committed. | Operational |
| 28025 | Diagnostic | |
| 28026 | Diagnostic | |
| 28027 | Diagnostic | |
| 28028 | Diagnostic | |
| 28029 | Diagnostic | |
| 28030 | Diagnostic | |
| 28031 | Diagnostic | |
| 28032 | AppResolver has parsed the visual elements manifest for a tile. | Operational |
| 28101 | Diagnostic | |
| 28103 | Diagnostic | |
| 28105 | Diagnostic | |
| 28107 | Diagnostic | |
| 28109 | Application AppID state changed from OldState to NewState due to package … | Operational |
| 28111 | Application AppID state changed from OldState to NewState due to package … | Operational |
| 28113 | Change notified on {Filename} with event {Event}. | Operational |
| 28115 | Shortcut for application Name with ID AppID and flags Flags is added to app … | Operational |
| 28116 | Shortcut for application Name with ID AppID and flags Flags is removed from app … | Operational |
| 28117 | Shortcut for application Name with ID AppID and flags Flags is updated in app … | Operational |
| 28119 | Start screen loaded layout which contains Groups groups and Tiles tiles … | Operational |
| 28121 | Start screen loaded persisted layout which contains {Groups} groups and {Tiles} … | Operational |
| 28123 | Updated start screen layout: ItemsExisting items initially; ItemsAdded added; … | Operational |
| 28125 | Starting to refresh app resolver cache for scenario Scenario with flags Flags. | Operational |
| 28127 | Operational | |
| 28189 | Diagnostic | |
| 28191 | Diagnostic | |
| 28193 | Diagnostic | |
| 28195 | Diagnostic | |
| 50001 | Diagnostic | |
| 50002 | Diagnostic | |
| 50101 | Diagnostic | |
| 50102 | Diagnostic | |
| 50103 | Diagnostic | |
| 50104 | Diagnostic | |
| 50105 | Diagnostic | |
| 50106 | Diagnostic | |
| 50107 | Diagnostic | |
| 50108 | Diagnostic | |
| 50201 | Diagnostic | |
| 50202 | Diagnostic | |
| 50203 | Diagnostic | |
| 50204 | Diagnostic | |
| 50205 | Diagnostic | |
| 50206 | Diagnostic | |
| 50207 | Diagnostic | |
| 50208 | Diagnostic | |
| 50209 | Diagnostic | |
| 50210 | Diagnostic | |
| 50211 | Diagnostic | |
| 60000 | Diagnostic | |
| 60001 | Diagnostic | |
| 60002 | Diagnostic | |
| 60003 | Diagnostic | |
| 60004 | Diagnostic | |
| 60005 | Diagnostic | |
| 60006 | Diagnostic | |
| 60007 | Diagnostic | |
| 60008 | Diagnostic | |
| 60009 | Diagnostic | |
| 60010 | Diagnostic | |
| 60011 | Diagnostic | |
| 60012 | Diagnostic | |
| 60013 | Diagnostic | |
| 60014 | Diagnostic | |
| 60015 | Diagnostic | |
| 60016 | Diagnostic | |
| 60017 | Diagnostic | |
| 60018 | Diagnostic | |
| 60019 | Diagnostic | |
| 60020 | Diagnostic | |
| 60021 | Diagnostic | |
| 60022 | Diagnostic | |
| 60023 | Diagnostic | |
| 60025 | Diagnostic | |
| 60026 | Diagnostic | |
| 60027 | Diagnostic | |
| 60028 | Diagnostic | |
| 60029 | Diagnostic | |
| 60030 | Diagnostic | |
| 60031 | Diagnostic | |
| 60032 | Diagnostic | |
| 60033 | Diagnostic | |
| 60034 | Diagnostic | |
| 60035 | Diagnostic | |
| 60036 | Diagnostic | |
| 60037 | Diagnostic | |
| 60101 | Diagnostic | |
| 60102 | Diagnostic | |
| 60103 | Diagnostic | |
| 60104 | Diagnostic | |
| 60105 | Diagnostic | |
| 60106 | Diagnostic | |
| 60107 | Diagnostic | |
| 60108 | Diagnostic | |
| 60109 | Diagnostic | |
| 60110 | Diagnostic | |
| 60111 | Diagnostic | |
| 60112 | Diagnostic | |
| 60113 | Diagnostic | |
| 60114 | Diagnostic | |
| 60115 | Diagnostic | |
| 60116 | Diagnostic | |
| 60117 | Diagnostic | |
| 60118 | Diagnostic | |
| 60119 | Diagnostic | |
| 60120 | Diagnostic | |
| 60201 | Diagnostic | |
| 60202 | Diagnostic | |
| 60203 | Diagnostic | |
| 60204 | Diagnostic | |
| 60205 | Diagnostic | |
| 60206 | Diagnostic | |
| 60213 | Diagnostic | |
| 60214 | Diagnostic | |
| 60215 | Diagnostic | |
| 60216 | Diagnostic | |
| 60217 | Diagnostic | |
| 60218 | Diagnostic | |
| 60219 | Diagnostic | |
| 60220 | Diagnostic | |
| 60221 | Diagnostic | |
| 60222 | Diagnostic | |
| 60301 | Diagnostic | |
| 60302 | Diagnostic | |
| 60303 | Diagnostic | |
| 60304 | Diagnostic | |
| 60305 | Diagnostic | |
| 60306 | Diagnostic | |
| 60307 | Diagnostic | |
| 60308 | Diagnostic | |
| 60309 | Diagnostic | |
| 60310 | Diagnostic | |
| 60311 | Diagnostic | |
| 60312 | Diagnostic | |
| 60401 | Diagnostic | |
| 60501 | Diagnostic | |
| 60503 | Diagnostic | |
| 60601 | Diagnostic | |
| 60603 | Diagnostic | |
| 60604 | Diagnostic | |
| 60605 | Diagnostic | |
| 60606 | Diagnostic | |
| 60607 | Diagnostic | |
| 60609 | Diagnostic | |
| 60610 | Diagnostic | |
| 60611 | Diagnostic | |
| 60612 | Diagnostic | |
| 60613 | Diagnostic | |
| 60614 | Diagnostic | |
| 60615 | Diagnostic | |
| 60616 | Diagnostic | |
| 60617 | Diagnostic | |
| 60618 | Diagnostic | |
| 60619 | Diagnostic | |
| 60620 | Diagnostic | |
| 60621 | Diagnostic | |
| 60622 | Diagnostic | |
| 60623 | Diagnostic | |
| 60624 | Diagnostic | |
| 60625 | Diagnostic | |
| 60626 | Diagnostic | |
| 60627 | Diagnostic | |
| 60628 | Diagnostic | |
| 60629 | Diagnostic | |
| 60631 | Diagnostic | |
| 60632 | Diagnostic | |
| 60633 | Diagnostic | |
| 60634 | Diagnostic | |
| 60635 | Diagnostic | |
| 60636 | Diagnostic | |
| 60637 | Diagnostic | |
| 60638 | Diagnostic | |
| 60639 | Diagnostic | |
| 60640 | Diagnostic | |
| 60641 | Diagnostic | |
| 60643 | Diagnostic | |
| 60644 | Diagnostic | |
| 60645 | Diagnostic | |
| 60646 | Diagnostic | |
| 60647 | Diagnostic | |
| 60648 | Diagnostic | |
| 60649 | Diagnostic | |
| 60650 | Diagnostic | |
| 60651 | Diagnostic | |
| 60652 | Diagnostic | |
| 60653 | Diagnostic | |
| 60655 | Diagnostic | |
| 60657 | Diagnostic | |
| 60659 | Diagnostic | |
| 60661 | Diagnostic | |
| 60701 | Diagnostic | |
| 60702 | Diagnostic | |
| 60705 | Diagnostic | |
| 60706 | Diagnostic | |
| 60707 | Diagnostic | |
| 60708 | Diagnostic | |
| 60709 | Diagnostic | |
| 60710 | Diagnostic | |
| 60711 | Diagnostic | |
| 60712 | Diagnostic | |
| 60713 | Diagnostic | |
| 60714 | Diagnostic | |
| 60715 | Diagnostic | |
| 60716 | Diagnostic | |
| 60751 | Diagnostic | |
| 60752 | Diagnostic | |
| 60753 | Diagnostic | |
| 60754 | Diagnostic | |
| 60755 | Diagnostic | |
| 60756 | Diagnostic | |
| 60757 | Diagnostic | |
| 60758 | Diagnostic | |
| 60759 | Diagnostic | |
| 60760 | Diagnostic | |
| 60801 | Diagnostic | |
| 60802 | Diagnostic | |
| 60803 | Diagnostic | |
| 60804 | Diagnostic | |
| 60805 | Diagnostic | |
| 60806 | Diagnostic | |
| 60807 | Diagnostic | |
| 60808 | Diagnostic | |
| 60809 | Diagnostic | |
| 60810 | Diagnostic | |
| 60811 | Diagnostic | |
| 60812 | Diagnostic | |
| 60813 | Diagnostic | |
| 60814 | Diagnostic | |
| 60815 | Diagnostic | |
| 60816 | Diagnostic | |
| 60817 | Diagnostic | |
| 60818 | Diagnostic | |
| 60819 | Diagnostic | |
| 60820 | Diagnostic | |
| 60821 | Diagnostic | |
| 60822 | Diagnostic | |
| 60823 | Diagnostic | |
| 60824 | Diagnostic | |
| 60825 | Diagnostic | |
| 60826 | Diagnostic | |
| 60901 | Diagnostic | |
| 60902 | Diagnostic | |
| 60903 | Diagnostic | |
| 60904 | Diagnostic | |
| 60905 | Diagnostic | |
| 60906 | Diagnostic | |
| 60907 | Diagnostic | |
| 60908 | Diagnostic | |
| 60909 | Diagnostic | |
| 60910 | Diagnostic | |
| 60911 | Diagnostic | |
| 60912 | Diagnostic | |
| 60913 | Diagnostic | |
| 60914 | Diagnostic | |
| 60915 | Diagnostic | |
| 61001 | Diagnostic | |
| 61002 | Diagnostic | |
| 61003 | Diagnostic | |
| 61004 | Diagnostic | |
| 61005 | Diagnostic | |
| 61006 | Diagnostic | |
| 61201 | Diagnostic | |
| 61202 | Diagnostic | |
| 61203 | Diagnostic | |
| 61204 | Diagnostic | |
| 61205 | Diagnostic | |
| 61206 | Diagnostic | |
| 61210 | Diagnostic | |
| 61211 | Diagnostic | |
| 61212 | Diagnostic | |
| 61213 | Diagnostic | |
| 61214 | Diagnostic | |
| 61220 | Diagnostic | |
| 61221 | Diagnostic | |
| 61301 | Diagnostic | |
| 61302 | Diagnostic | |
| 61303 | Diagnostic | |
| 61320 | Diagnostic | |
| 61321 | Diagnostic | |
| 61322 | Diagnostic | |
| 61323 | Diagnostic | |
| 61324 | Diagnostic | |
| 61325 | Diagnostic | |
| 61326 | Diagnostic | |
| 61327 | Diagnostic | |
| 61340 | Diagnostic | |
| 61341 | Diagnostic | |
| 61342 | Diagnostic | |
| 61343 | Diagnostic | |
| 61344 | Diagnostic | |
| 61345 | Diagnostic | |
| 61346 | Diagnostic | |
| 61347 | Diagnostic | |
| 61348 | Diagnostic | |
| 61349 | Diagnostic | |
| 61350 | Diagnostic | |
| 61351 | Diagnostic | |
| 61352 | Diagnostic | |
| 61353 | Diagnostic | |
| 61354 | Diagnostic | |
| 61355 | Diagnostic | |
| 61356 | Diagnostic | |
| 61357 | Diagnostic | |
| 61358 | Diagnostic | |
| 61360 | Diagnostic | |
| 61361 | Diagnostic | |
| 61364 | Diagnostic | |
| 61365 | Diagnostic | |
| 61366 | Diagnostic | |
| 61367 | Diagnostic | |
| 61368 | Diagnostic | |
| 61369 | Diagnostic | |
| 61370 | Diagnostic | |
| 61371 | Diagnostic | |
| 61372 | Diagnostic | |
| 61373 | Diagnostic | |
| 61374 | Diagnostic | |
| 61375 | Diagnostic | |
| 61376 | Diagnostic | |
| 61377 | Diagnostic | |
| 61380 | Diagnostic | |
| 61381 | Diagnostic | |
| 61386 | Diagnostic | |
| 61387 | Diagnostic | |
| 61390 | Diagnostic | |
| 61391 | Diagnostic | |
| 61400 | Diagnostic | |
| 61401 | Diagnostic | |
| 61410 | Diagnostic | |
| 61411 | Diagnostic | |
| 61412 | Diagnostic | |
| 61413 | Diagnostic | |
| 61414 | Diagnostic | |
| 61415 | Diagnostic | |
| 61420 | Diagnostic | |
| 61421 | Diagnostic | |
| 61422 | Diagnostic | |
| 61423 | Diagnostic | |
| 61424 | Diagnostic | |
| 61425 | Diagnostic | |
| 61426 | Diagnostic | |
| 61427 | Diagnostic | |
| 61428 | Diagnostic | |
| 61429 | Diagnostic | |
| 61430 | Diagnostic | |
| 61431 | Diagnostic | |
| 61432 | Diagnostic | |
| 61433 | Diagnostic | |
| 61434 | Diagnostic | |
| 61435 | Diagnostic | |
| 61436 | Diagnostic | |
| 61437 | Diagnostic | |
| 61438 | Diagnostic | |
| 61439 | Diagnostic | |
| 61440 | Diagnostic | |
| 61441 | Diagnostic | |
| 61442 | Diagnostic | |
| 61443 | Diagnostic | |
| 61444 | Diagnostic | |
| 61445 | Diagnostic | |
| 61446 | Diagnostic | |
| 61448 | Diagnostic | |
| 61449 | Diagnostic | |
| 61450 | Diagnostic | |
| 61451 | Diagnostic | |
| 61452 | Diagnostic | |
| 61453 | Diagnostic | |
| 61454 | Diagnostic | |
| 61455 | Diagnostic | |
| 61456 | Diagnostic | |
| 61457 | Diagnostic | |
| 61460 | Diagnostic | |
| 61461 | Diagnostic | |
| 61462 | Diagnostic | |
| 61463 | Diagnostic | |
| 61464 | Diagnostic | |
| 61465 | Diagnostic | |
| 61501 | Diagnostic | |
| 61502 | Diagnostic | |
| 61503 | Diagnostic | |
| 61504 | Diagnostic | |
| 61505 | Diagnostic | |
| 61506 | Diagnostic | |
| 61600 | Diagnostic | |
| 61601 | Diagnostic | |
| 61602 | Diagnostic | |
| 61603 | Diagnostic | |
| 61604 | Diagnostic | |
| 61605 | Diagnostic | |
| 61606 | Diagnostic | |
| 61607 | Diagnostic | |
| 61608 | Diagnostic | |
| 61609 | Diagnostic | |
| 61610 | Diagnostic | |
| 61611 | Diagnostic | |
| 61612 | Diagnostic | |
| 61613 | Diagnostic | |
| 61614 | Diagnostic | |
| 61615 | Diagnostic | |
| 61616 | Diagnostic | |
| 61617 | Diagnostic | |
| 61618 | Diagnostic | |
| 61619 | Diagnostic | |
| 61620 | Diagnostic | |
| 61621 | Diagnostic | |
| 61622 | Diagnostic | |
| 61623 | Diagnostic | |
| 61624 | Diagnostic | |
| 61625 | Diagnostic | |
| 61626 | Diagnostic | |
| 61627 | Diagnostic | |
| 61628 | Diagnostic | |
| 61629 | Diagnostic | |
| 61630 | Diagnostic | |
| 61631 | Diagnostic | |
| 61632 | Diagnostic | |
| 61633 | Diagnostic | |
| 61634 | Diagnostic | |
| 61635 | Diagnostic | |
| 61636 | Diagnostic | |
| 61637 | Diagnostic | |
| 61638 | Diagnostic | |
| 61639 | Diagnostic | |
| 61640 | Diagnostic | |
| 61641 | Diagnostic | |
| 61642 | Diagnostic | |
| 61643 | Diagnostic | |
| 61644 | Diagnostic | |
| 61645 | Diagnostic | |
| 61646 | Diagnostic | |
| 61647 | Diagnostic | |
| 61648 | Diagnostic | |
| 61649 | Diagnostic | |
| 61650 | Diagnostic | |
| 61651 | Diagnostic | |
| 61652 | Diagnostic | |
| 61653 | Diagnostic | |
| 62000 | Diagnostic | |
| 62001 | Diagnostic | |
| 62002 | Diagnostic | |
| 62003 | Diagnostic | |
| 62004 | Diagnostic | |
| 62020 | Diagnostic | |
| 62021 | Diagnostic | |
| 62022 | Diagnostic | |
| 62023 | Diagnostic | |
| 62024 | Diagnostic | |
| 62025 | Diagnostic | |
| 62026 | Diagnostic | |
| 62027 | Diagnostic | |
| 62028 | Diagnostic | |
| 62029 | Diagnostic | |
| 62030 | Diagnostic | |
| 62031 | Diagnostic | |
| 62032 | Diagnostic | |
| 62033 | Diagnostic | |
| 62050 | Diagnostic | |
| 62051 | Diagnostic | |
| 62052 | Diagnostic | |
| 62053 | Diagnostic | |
| 62054 | Diagnostic | |
| 62055 | Diagnostic | |
| 62056 | Diagnostic | |
| 62057 | Diagnostic | |
| 62058 | Diagnostic | |
| 62059 | Diagnostic | |
| 62060 | Diagnostic | |
| 62061 | Diagnostic | |
| 62062 | Diagnostic | |
| 62063 | Diagnostic | |
| 62064 | Diagnostic | |
| 62065 | Diagnostic | |
| 62066 | Diagnostic | |
| 62067 | Diagnostic | |
| 62068 | Diagnostic | |
| 62069 | Diagnostic | |
| 62070 | Diagnostic | |
| 62071 | Diagnostic | |
| 62072 | Diagnostic | |
| 62073 | Diagnostic | |
| 62074 | Diagnostic | |
| 62075 | Diagnostic | |
| 62076 | Diagnostic | |
| 62078 | Diagnostic | |
| 62079 | Diagnostic | |
| 62100 | Diagnostic | |
| 62120 | Diagnostic | |
| 62121 | Diagnostic | |
| 62122 | Diagnostic | |
| 62123 | Diagnostic | |
| 62124 | Diagnostic | |
| 62125 | Diagnostic | |
| 62126 | Diagnostic | |
| 62127 | Diagnostic | |
| 62128 | Diagnostic | |
| 62129 | Diagnostic | |
| 62130 | Diagnostic | |
| 62131 | Diagnostic | |
| 62132 | Diagnostic | |
| 62133 | Diagnostic | |
| 62134 | Diagnostic | |
| 62135 | Diagnostic | |
| 62136 | Diagnostic | |
| 62137 | Diagnostic | |
| 62138 | Diagnostic | |
| 62139 | Diagnostic | |
| 62140 | Diagnostic | |
| 62141 | Diagnostic | |
| 62142 | Diagnostic | |
| 62143 | Diagnostic | |
| 62144 | Updating install state of package PackageFamilyName to 'InstallState' with … | Operational |
| 62145 | On commit, creation of shortcut with AppUserModelId AppUserModelID with HRESULT … | Operational |
| 62146 | On commit, update of shortcut with AppUserModelId AppUserModelID with HRESULT … | Operational |
| 62147 | On commit, deletion of shortcut with AppUserModelId AppUserModelID with HRESULT … | Operational |
| 62148 | On commit, creation of temporary shortcut with AppUserModelId AppUserModelID … | Operational |
| 62149 | On commit, changing property values in shortcut with AppUserModelId … | Operational |
| 62150 | On revert, creation of shortcut with AppUserModelId AppUserModelID with HRESULT … | Operational |
| 62151 | On revert, update of shortcut with AppUserModelId AppUserModelID with HRESULT … | Operational |
| 62152 | On revert, deletion of shortcut with AppUserModelId AppUserModelID with HRESULT … | Operational |
| 62153 | Removing folder for package PackageFamilyName with HRESULT ErrorCode. | Operational |
| 62154 | Incremented last write time of shortcut with AppUserModelId AppUserModelID by 2 … | Operational |
| 62155 | Updated lockscreen notifications badge registration of app with AppUserModelId … | Operational |
| 62156 | On revert, updated lockscreen notifications badge registration of app with … | Operational |
| 62157 | Removed lockscreen notifications badge registration of app with AppUserModelId … | Operational |
| 62158 | Updated lockscreen notifications tile registration of app with AppUserModelId … | Operational |
| 62159 | On revert, updated lockscreen notifications tile registration of app with … | Operational |
| 62160 | Removed lockscreen notifications tile registration of app with AppUserModelId … | Operational |
| 62161 | The namespace extension guid will be loaded in the File Picker. | Diagnostic |
| 62162 | The namespace extension guid will not be loaded in the File Picker. | Diagnostic |
| 62163 | Failed to merge PRI for Package PackageFamilyName at path Path with HRESULT … | Operational |
| 62164 | Package PackageFamilyName failed to install with HRESULT ErrorCode. | Operational |
| 62170 | Logon task 'TaskName' started with flags LogonType. | Operational |
| 62171 | Logon task 'TaskName' finished with flags LogonType. | Operational |
| 62200 | Failed to register for licensing policy change event. | Diagnostic |
| 62201 | Failed to create the watermark window. | Diagnostic |
| 62202 | Failed to render the watermark. | Diagnostic |
| 62203 | Failed to get genuine status. | Diagnostic |
| 62204 | Diagnostic | |
| 62205 | Diagnostic | |
| 62250 | Updated lockscreen alarm registration of app with AppUserModelId AppUserModelID … | Operational |
| 62251 | On revert, updated lockscreen alarm registration of app with AppUserModelId … | Operational |
| 62252 | Removed lockscreen alarm registration of app with AppUserModelId AppUserModelID … | Operational |
| 62300 | Diagnostic | |
| 62301 | Diagnostic | |
| 62302 | Diagnostic | |
| 62303 | Diagnostic | |
| 62320 | Diagnostic | |
| 62321 | Diagnostic | |
| 62322 | Diagnostic | |
| 62323 | Diagnostic | |
| 62324 | Diagnostic | |
| 62325 | Diagnostic | |
| 62326 | Diagnostic | |
| 62327 | Diagnostic | |
| 62328 | Diagnostic | |
| 62329 | Diagnostic | |
| 62330 | Diagnostic | |
| 62331 | Diagnostic | |
| 62332 | Diagnostic | |
| 62333 | Diagnostic | |
| 62334 | Diagnostic | |
| 62335 | Diagnostic | |
| 62336 | Diagnostic | |
| 62337 | Fileplaceholder hydration times out. | Diagnostic |
| 62380 | Diagnostic | |
| 62400 | CloudExperienceHost App Activity started. | Operational |
| 62401 | CloudExperienceHost App Activity stopped. | Operational |
| 62402 | CloudExperienceHost App Event 1. | Operational |
| 62403 | CloudExperienceHost App Event 2. | Operational |
| 62404 | CloudExperienceHost Web App Activity started. | Operational |
| 62405 | CloudExperienceHost Web App Activity stopped. | Operational |
| 62406 | CloudExperienceHost Web App Event 1. | Operational |
| 62407 | CloudExperienceHost Web App Event 2. | Operational |
| 62408 | Started execution of command 'Command'. | Operational |
| 62409 | Finished execution of command 'Command' (PID PID). | Operational |
| 62420 | Looking for Restore Profiles | LogonTasksChannel |
| 62421 | Finished looking for Restore Profiles. | LogonTasksChannel |
| 62422 | Adding Profile. | LogonTasksChannel |
| 62423 | Set Restore Profile to Hardware Id: HardwareId. | LogonTasksChannel |
| 62440 | Hash mismatch detected for: ExtOrUriScheme. | AppDefaults |
| 62441 | User choice has been reset to prog id ProgId for ExtOrUriScheme. | AppDefaults |
| 62442 | Upgraded to prog id ProgId from prog id CurrentDefaultProgId for ExtOrUriScheme. | AppDefaults |
| 62443 | AppDefault Info: Info. | AppDefaults |
| 62444 | Missing Hash -- ProgId: ProgId FileExtOrUriScheme: ExtOrUriScheme. | AppDefaults |
| 62445 | Migration Info: Info. | AppDefaults |
| 62460 | OOBE Health Monitor. | Operational |
| 63200 | Application calls obsolete Shell APIs. | ActionCenter |
Event ID 1 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 2 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 3 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 4 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 101 —
Fields #
| Name | Description |
|---|---|
DeviceHandler UnicodeString | — |
Event ID 102 —
Fields #
| Name | Description |
|---|---|
DeviceHandler UnicodeString | — |
Event ID 103 —
Event ID 104 —
Event ID 105 —
Event ID 106 —
Event ID 107 —
Event ID 108 —
Event ID 109 —
Event ID 110 —
Event ID 111 —
Fields #
| Name | Description |
|---|---|
Command UnicodeString | — |
Event ID 112 —
Fields #
| Name | Description |
|---|---|
Command UnicodeString | — |
Event ID 113 —
Fields #
| Name | Description |
|---|---|
Message UInt32 | — |
Event ID 114 —
Fields #
| Name | Description |
|---|---|
Message UInt32 | — |
Event ID 115 —
Fields #
| Name | Description |
|---|---|
Message UInt32 | — |
Event ID 501 —
Event ID 502 —
Event ID 503 —
Event ID 504 —
Event ID 505 —
Event ID 506 —
Event ID 507 —
Event ID 508 —
Event ID 509 —
Event ID 510 —
Event ID 1001 —
Event ID 1002 —
Event ID 1003 —
Event ID 1004 —
Event ID 1005 —
Event ID 1006 —
Event ID 1007 —
Event ID 1008 —
Event ID 1011 —
Event ID 1012 —
Event ID 1013 —
Event ID 1014 —
Event ID 1015 —
Event ID 1016 —
Event ID 1017 —
Event ID 1018 —
Event ID 1019 —
Event ID 1020 —
Event ID 1021 —
Fields #
| Name | Description |
|---|---|
MaxResults UInt32 | — |
Query UnicodeString | — |
Event ID 1022 —
Fields #
| Name | Description |
|---|---|
MaxResults UInt32 | — |
Query UnicodeString | — |
Event ID 1023 —
Event ID 1024 —
Event ID 1025 —
Event ID 1026 —
Event ID 1027 —
Event ID 1028 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1029 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 1033 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 1035 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 1037 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 1038 —
Event ID 1039 —
Event ID 1040 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1041 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1042 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1043 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1044 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
fReuse UInt32 | — |
Event ID 1045 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1046 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 1047 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1048 —
Fields #
| Name | Description |
|---|---|
ProviderId GUID | — |
Index UInt32 | — |
Count UInt32 | — |
Event ID 1049 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1050 —
Event ID 1051 —
Event ID 1054 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1055 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1056 —
Event ID 1057 —
Event ID 1058 —
Event ID 1059 —
Event ID 1062 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1063 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1064 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1065 —
Fields #
| Name | Description |
|---|---|
HandlerId GUID | — |
Event ID 1066 —
Event ID 1067 —
Event ID 1068 —
Event ID 1069 —
Event ID 1070 —
Event ID 1071 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1072 —
Event ID 1073 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Event ID 1074 —
Event ID 1075 —
Fields #
| Name | Description |
|---|---|
iGroup UInt32 | — |
iItem UInt32 | — |
Event ID 1076 —
Event ID 1077 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Event ID 1078 —
Event ID 1079 —
Fields #
| Name | Description |
|---|---|
iGroup UInt32 | — |
iItem UInt32 | — |
Event ID 1080 —
Event ID 1081 —
Event ID 1082 —
Fields #
| Name | Description |
|---|---|
Type UInt32 | — |
Event ID 1083 —
Fields #
| Name | Description |
|---|---|
Type UInt32 | — |
Count UInt32 | — |
State UInt32 | — |
Event ID 1084 —
Fields #
| Name | Description |
|---|---|
Type UInt32 | — |
Event ID 1085 —
Fields #
| Name | Description |
|---|---|
Type UInt32 | — |
Cookie UInt32 | — |
Event ID 1086 —
Fields #
| Name | Description |
|---|---|
Type UInt32 | — |
Cookie UInt32 | — |
Event ID 1087 —
Fields #
| Name | Description |
|---|---|
Type UInt32 | — |
Cookie UInt32 | — |
HRESULT UInt32 | — |
Count UInt32 | — |
fWaitingOnRealization UInt32 | — |
Event ID 1088 —
Fields #
| Name | Description |
|---|---|
Type UInt32 | — |
Cookie UInt32 | — |
Event ID 1089 —
Fields #
| Name | Description |
|---|---|
Type UInt32 | — |
Cookie UInt32 | — |
Event ID 1090 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Version UInt32 | — |
Event ID 1091 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Version UInt32 | — |
Event ID 1092 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Version UInt32 | — |
Event ID 1093 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Version UInt32 | — |
Cookie UInt32 | — |
Event ID 1094 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Version UInt32 | — |
Cookie UInt32 | — |
Event ID 1095 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Version UInt32 | — |
Cookie UInt32 | — |
Event ID 1096 —
Fields #
| Name | Description |
|---|---|
Cookie UInt32 | — |
Event ID 1097 —
Fields #
| Name | Description |
|---|---|
Event UInt32 | — |
Event ID 1098 —
Fields #
| Name | Description |
|---|---|
Event UInt32 | — |
Event ID 1099 —
Fields #
| Name | Description |
|---|---|
Event UInt32 | — |
Event ID 1100 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Version UInt32 | — |
Event ID 1101 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Version UInt32 | — |
Event ID 1102 —
Event ID 1103 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Version UInt32 | — |
Event ID 1104 —
Event ID 1105 —
Event ID 1106 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 1107 —
Event ID 1108 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1109 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1110 —
Event ID 1111 —
Event ID 1112 —
Event ID 1113 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1114 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1115 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1116 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1117 —
Event ID 1118 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1119 —
Event ID 1120 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1121 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1122 —
Event ID 1123 —
Event ID 1124 —
Event ID 1125 —
Event ID 1126 —
Event ID 1127 —
Event ID 1128 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1129 —
Event ID 1130 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 1131 —
Event ID 1132 —
Event ID 1133 —
Event ID 1134 —
Event ID 1135 —
Event ID 1140 —
Event ID 1141 —
Event ID 1142 —
Event ID 1143 —
Event ID 1144 —
Event ID 1145 —
Event ID 1146 —
Event ID 1147 —
Event ID 1148 —
Event ID 1149 —
Event ID 1150 —
Event ID 1151 —
Event ID 1152 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 1401 —
Event ID 1402 —
Event ID 1403 —
Event ID 1404 —
Event ID 1405 —
Event ID 1406 —
Event ID 1409 —
Event ID 1410 —
Event ID 1411 —
Event ID 1412 —
Event ID 1413 —
Event ID 1414 —
Event ID 1415 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 1417 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 1419 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 1500 —
Event ID 1501 —
Event ID 1502 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1502",
"version": "0",
"level": "4",
"task": "1502",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:15.031275500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8672"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1503 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1503",
"version": "0",
"level": "4",
"task": "1502",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:15.032217300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8672"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1504 —
Event ID 1505 —
Event ID 1506 —
Event ID 1507 —
Event ID 1508 —
Event ID 1509 —
Event ID 1510 —
Event ID 1511 —
Event ID 1512 —
Event ID 1513 —
Event ID 1514 —
Event ID 1515 —
Event ID 1518 —
Event ID 1519 —
Event ID 1520 —
Event ID 1521 —
Event ID 1522 —
Event ID 1523 —
Event ID 1524 —
Event ID 1525 —
Event ID 1526 —
Event ID 1527 —
Event ID 1528 —
Event ID 1529 —
Event ID 1530 —
Event ID 1531 —
Event ID 1532 —
Event ID 1533 —
Event ID 1534 —
Event ID 1535 —
Event ID 1536 —
Event ID 1537 —
Event ID 1538 —
Event ID 1539 —
Event ID 1540 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1540",
"version": "0",
"level": "4",
"task": "1540",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.452962100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13268"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1541 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1541",
"version": "0",
"level": "4",
"task": "1540",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:18.682797800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "11516"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1542 —
Event ID 1543 —
Event ID 1544 —
Event ID 1545 —
Event ID 1546 —
Event ID 1547 —
Event ID 1548 —
Event ID 1549 —
Event ID 1550 —
Event ID 1551 —
Event ID 1552 —
Event ID 1553 —
Event ID 1554 —
Event ID 1555 —
Event ID 1556 —
Event ID 1557 —
Event ID 1558 —
Event ID 1559 —
Event ID 1560 —
Event ID 1561 —
Event ID 1562 —
Event ID 1563 —
Event ID 1564 —
Event ID 1565 —
Event ID 1566 —
Event ID 1567 —
Event ID 1568 —
Event ID 1569 —
Event ID 1570 —
Event ID 1571 —
Event ID 1572 —
Event ID 1573 —
Event ID 1574 —
Event ID 1575 —
Event ID 1576 —
Event ID 1577 —
Event ID 1578 —
Event ID 1579 —
Event ID 1580 —
Event ID 1581 —
Event ID 1582 —
Event ID 1583 —
Event ID 1584 —
Event ID 1585 —
Event ID 1586 —
Event ID 1587 —
Event ID 1588 —
Event ID 1589 —
Event ID 1590 —
Event ID 1591 —
Event ID 1592 —
Event ID 1593 —
Event ID 1594 —
Event ID 1595 —
Event ID 1596 —
Event ID 1597 —
Event ID 1598 —
Event ID 1599 —
Event ID 1600 —
Event ID 1601 —
Event ID 1602 —
Event ID 1603 —
Event ID 1604 —
Event ID 1605 —
Event ID 1606 —
Event ID 1607 —
Event ID 1608 —
Event ID 1609 —
Event ID 1610 —
Event ID 1611 —
Event ID 1612 —
Event ID 1613 —
Event ID 1614 —
Event ID 1615 —
Event ID 1616 —
Event ID 1617 —
Event ID 1618 —
Event ID 1619 —
Event ID 1620 —
Event ID 1621 —
Event ID 1622 —
Event ID 1623 —
Event ID 1628 —
Event ID 1629 —
Event ID 1630 —
Event ID 1631 —
Event ID 1632 —
Event ID 1633 —
Event ID 1634 —
Event ID 1635 —
Event ID 1636 —
Event ID 1637 —
Event ID 1640 —
Event ID 1641 —
Event ID 1642 —
Event ID 1643 —
Event ID 1644 —
Event ID 1645 —
Event ID 1646 —
Event ID 1647 —
Event ID 1648 —
Event ID 1649 —
Event ID 1650 —
Event ID 1651 —
Event ID 1652 —
Event ID 1653 —
Event ID 1654 —
Event ID 1655 —
Event ID 1656 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1656",
"version": "0",
"level": "4",
"task": "1656",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-16T00:21:39.181590000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11272"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1657 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1657",
"version": "0",
"level": "4",
"task": "1656",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-16T00:21:39.182071900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11272"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1658 —
Event ID 1659 —
Event ID 1660 —
Event ID 1661 —
Event ID 1662 —
Event ID 1663 —
Event ID 1664 —
Event ID 1665 —
Event ID 1666 —
Event ID 1667 —
Event ID 1668 —
Event ID 1669 —
Event ID 1672 —
Event ID 1673 —
Event ID 1674 —
Event ID 1675 —
Event ID 1676 —
Event ID 1677 —
Event ID 1678 —
Event ID 1679 —
Event ID 1680 —
Event ID 1681 —
Event ID 1682 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1682",
"version": "0",
"level": "4",
"task": "1682",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-16T00:21:39.181373700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "4384"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1683 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1683",
"version": "0",
"level": "4",
"task": "1682",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-16T00:21:39.187943800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "4384"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1684 —
Event ID 1685 —
Event ID 1686 —
Event ID 1687 —
Event ID 1688 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1688",
"version": "0",
"level": "4",
"task": "1688",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:00.138341600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13176"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1689 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1689",
"version": "0",
"level": "4",
"task": "1688",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:00.141903300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13176"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1690 —
Event ID 1691 —
Event ID 1692 —
Event ID 1693 —
Event ID 1694 —
Event ID 1695 —
Event ID 1696 —
Event ID 1697 —
Event ID 1698 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1698",
"version": "0",
"level": "4",
"task": "1698",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.371230500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13268"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1699 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "1699",
"version": "0",
"level": "4",
"task": "1698",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.373954100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13268"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 1700 —
Event ID 1701 —
Event ID 1702 —
Event ID 1703 —
Event ID 1704 —
Event ID 1705 —
Event ID 1706 —
Event ID 1707 —
Event ID 1708 —
Event ID 1709 —
Event ID 1710 —
Event ID 1711 —
Event ID 1712 —
Event ID 1713 —
Event ID 1714 —
Event ID 1715 —
Event ID 2001 —
Event ID 2002 —
Event ID 2003 —
Event ID 2004 —
Event ID 2005 —
Event ID 2006 —
Event ID 2007 —
Event ID 2008 —
Event ID 2009 —
Event ID 2010 —
Event ID 2011 —
Event ID 2012 —
Event ID 2013 —
Event ID 2014 —
Event ID 2015 —
Event ID 2017 —
Event ID 2019 —
Event ID 2021 —
Event ID 2022 —
Fields #
| Name | Description |
|---|---|
Message UInt32 | — |
Event ID 2023 —
Fields #
| Name | Description |
|---|---|
Message UInt32 | — |
Event ID 2024 —
Fields #
| Name | Description |
|---|---|
Message UInt32 | — |
Event ID 2025 —
Event ID 2027 —
Event ID 2029 —
Event ID 2031 —
Event ID 2033 —
Event ID 2035 —
Event ID 2037 —
Event ID 2039 —
Event ID 2041 —
Event ID 2043 —
Event ID 2045 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 2047 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 2049 —
Event ID 2050 —
Event ID 2051 —
Event ID 2052 —
Event ID 2053 —
Event ID 2054 —
Event ID 2055 —
Event ID 2056 —
Event ID 2057 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 2058 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 2059 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 2060 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 2061 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 2062 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 2063 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 2064 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 2065 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 2066 —
Event ID 2067 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 2069 —
Event ID 2070 —
Event ID 2071 —
Event ID 2072 —
Event ID 3001 —
Event ID 3002 —
Event ID 3003 —
Event ID 3004 —
Event ID 3005 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "3005",
"version": "0",
"level": "4",
"task": "4005",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:18.461884100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 3006 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "3006",
"version": "0",
"level": "4",
"task": "4005",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:18.461897000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 3007 —
Fields #
| Name | Description |
|---|---|
dwFlags UInt32 | — |
pszTemplate UnicodeString | — |
Event ID 3009 —
Event ID 3010 —
Event ID 3011 —
Event ID 3012 —
Event ID 3013 —
Event ID 3014 —
Event ID 3015 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "3015",
"version": "0",
"level": "4",
"task": "4015",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:51.145462700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 3016 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "3016",
"version": "0",
"level": "4",
"task": "4015",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:51.145464900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 4001 —
Fields #
| Name | Description |
|---|---|
Message UInt32 | — |
Event ID 4003 —
Event ID 4005 —
Fields #
| Name | Description |
|---|---|
ThreadID UInt32 | — |
pszName UnicodeString | — |
Event ID 4007 —
Fields #
| Name | Description |
|---|---|
FakeShutdownReason UInt32 | — |
Event ID 4008 —
Fields #
| Name | Description |
|---|---|
WParam UInt32 | — |
LParam UInt32 | — |
Event ID 4009 —
Event ID 5001 —
Event ID 5002 —
Event ID 5003 —
Event ID 5004 —
Event ID 5005 —
Event ID 6001 —
Event ID 6002 —
Event ID 6201 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6201",
"version": "0",
"level": "4",
"task": "6201",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.067714800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 6202 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6202",
"version": "0",
"level": "4",
"task": "6201",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.108720300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"HRESULT": "2147791360"
},
"message": ""
}
Event ID 6203 —
Event ID 6204 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 6205 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6205",
"version": "0",
"level": "4",
"task": "6205",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.066983600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 6206 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
LowQuality Boolean | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6206",
"version": "0",
"level": "4",
"task": "6205",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.067060500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"HRESULT": "2147680258",
"LowQuality": "true"
},
"message": ""
}
Event ID 6207 —
Event ID 6208 —
Event ID 6209 —
Event ID 6210 —
Event ID 6211 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6211",
"version": "0",
"level": "4",
"task": "6211",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.106203200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 6212 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6212",
"version": "0",
"level": "4",
"task": "6211",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.121868900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 6213 —
Event ID 6214 —
Event ID 6215 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6215",
"version": "0",
"level": "4",
"task": "6215",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:03.188230900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13268"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 6216 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6216",
"version": "0",
"level": "4",
"task": "6215",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:03.189901400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13268"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 6217 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
RequestSize UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6217",
"version": "0",
"level": "4",
"task": "6217",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.066737800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FileName": "automaton",
"RequestSize": " 48"
},
"message": ""
}
Event ID 6218 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6218",
"version": "0",
"level": "4",
"task": "6217",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.067219200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"HRESULT": "2147791363"
},
"message": ""
}
Event ID 6219 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6219",
"version": "0",
"level": "4",
"task": "6219",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.108897500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 6220 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6220",
"version": "0",
"level": "4",
"task": "6219",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.109603500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"HRESULT": " 0"
},
"message": ""
}
Event ID 6221 —
Event ID 6222 —
Event ID 6223 —
Event ID 6224 —
Event ID 6225 —
Event ID 6226 —
Fields #
| Name | Description |
|---|---|
HRESULT Int32 | — |
RequestSize UInt32 | — |
Event ID 6227 —
Event ID 6228 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 6229 —
Event ID 6230 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 6231 —
Fields #
| Name | Description |
|---|---|
CropLookupSize UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6231",
"version": "0",
"level": "4",
"task": "6231",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.109604500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"CropLookupSize": " 2560"
},
"message": ""
}
Event ID 6233 —
Event ID 6235 —
Event ID 6236 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 6237 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 6238 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 6239 —
Fields #
| Name | Description |
|---|---|
HRESULT Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6239",
"version": "0",
"level": "2",
"task": "6239",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.107825200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"HRESULT": "-2147175936"
},
"message": ""
}
Event ID 6240 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6240",
"version": "0",
"level": "4",
"task": "6240",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:15.027004100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 6241 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "6241",
"version": "0",
"level": "4",
"task": "6240",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:15.027088300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"HRESULT": " 0"
},
"message": ""
}
Event ID 6242 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
RequestSize Int32 | — |
WTSFlags UInt32 | — |
Event ID 6243 —
Fields #
| Name | Description |
|---|---|
HRESULT Int32 | — |
CacheFlags UInt32 | — |
SizeX Int32 | — |
SizeY Int32 | — |
StreamType Int32 | — |
Event ID 6501 —
Event ID 6502 —
Event ID 6503 —
Event ID 6504 —
Event ID 6505 —
Event ID 6506 —
Event ID 6507 —
Event ID 6508 —
Event ID 6509 —
Event ID 6510 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 6511 —
Event ID 6512 —
Event ID 6513 —
Event ID 6514 —
Event ID 6515 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 6516 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 6517 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 6518 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 7001 —
Event ID 7002 —
Event ID 7003 —
Event ID 7004 —
Event ID 7005 —
Event ID 7006 —
Event ID 8001 —
Event ID 8002 —
Event ID 8003 —
Event ID 8004 —
Event ID 8005 —
Event ID 8006 —
Event ID 9501 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9503 —
Event ID 9505 —
Event ID 9506 —
Event ID 9509 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9510 —
Event ID 9511 —
Event ID 9512 —
Event ID 9513 —
Fields #
| Name | Description |
|---|---|
Query UnicodeString | — |
Event ID 9515 —
Event ID 9517 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 9519 —
Event ID 9520 —
Event ID 9521 —
Event ID 9522 —
Event ID 9523 —
Event ID 9525 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9526 —
Event ID 9527 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9529 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9531 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9533 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9535 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9539 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9541 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9543 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9545 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9547 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9549 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9551 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9553 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9555 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9557 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9559 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9560 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 9561 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9563 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9565 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9567 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9568 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9569 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9571 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9573 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9575 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9577 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9581 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9583 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9585 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9587 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9589 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9591 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9593 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9595 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9597 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9599 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 9601 —
Event ID 9602 —
Event ID 9603 —
Event ID 9604 —
Event ID 9607 —
Event ID 9608 —
Event ID 9609 —
Event ID 9610 —
Event ID 9611 —
Event ID 9612 —
Event ID 9613 —
Fields #
| Name | Description |
|---|---|
SqmType UInt32 | — |
SqmSid SID | — |
Event ID 9615 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9617 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9619 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 9621 —
Event ID 9622 —
Event ID 9623 —
Event ID 9625 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
Event ID 9626 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
Event ID 9627 —
Event ID 9628 —
Event ID 9629 —
Event ID 9630 —
Event ID 9631 —
Fields #
| Name | Description |
|---|---|
WParam UInt32 | — |
LParam UInt32 | — |
Event ID 9633 —
Fields #
| Name | Description |
|---|---|
WParam UInt32 | — |
LParam UInt32 | — |
Event ID 9635 —
Fields #
| Name | Description |
|---|---|
WParam UInt32 | — |
LParam UInt32 | — |
Event ID 9637 —
Event ID 9638 —
Event ID 9639 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 9641 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 9643 —
Event ID 9644 —
Event ID 9645 —
Event ID 9646 —
Event ID 9647 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 9648 —
#Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 9648,
"version": 0,
"level": 4,
"task": 9648,
"opcode": 1,
"keywords": 2305843009280868352,
"time_created": "2023-11-05T23:54:50.099298+00:00",
"event_record_id": 2728,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 9624
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"psz": "Finalize"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 9649 —
#Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 9649,
"version": 0,
"level": 4,
"task": 9648,
"opcode": 2,
"keywords": 2305843009280868352,
"time_created": "2023-11-05T23:54:50.099591+00:00",
"event_record_id": 2729,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 9624
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"psz": "Finalize"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 9650 —
Event ID 9651 —
Event ID 9652 —
#Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 9652,
"version": 0,
"level": 4,
"task": 9652,
"opcode": 1,
"keywords": 2305843009280868352,
"time_created": "2023-11-05T23:54:32.617653+00:00",
"event_record_id": 2710,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 9624
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"psz": "FinalTasks"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 9653 —
#Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 9653,
"version": 0,
"level": 4,
"task": 9652,
"opcode": 2,
"keywords": 2305843009280868352,
"time_created": "2023-11-05T23:54:33.687660+00:00",
"event_record_id": 2712,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 9624
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"psz": "DesktopFinalTasks"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 9654 —
Fields #
| Name | Description |
|---|---|
Reason UInt32 | — |
Event ID 9660 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 9662 —
Event ID 9663 —
Event ID 9664 —
Event ID 9665 —
Event ID 9666 —
Event ID 9699 —
Event ID 9701 —
Event ID 9702 —
Event ID 9703 — RunOnce commands started.
#Description
RunOnce commands started.
Message #
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 9703,
"version": 0,
"level": 4,
"task": 9703,
"opcode": 1,
"keywords": 2305843009280868352,
"time_created": "2023-11-05T22:29:04.086498+00:00",
"event_record_id": 1725,
"correlation": {},
"execution": {
"process_id": 6020,
"thread_id": 5856
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 9704 — RunOnce commands finished.
#Description
RunOnce commands finished.
Message #
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 9704,
"version": 0,
"level": 4,
"task": 9703,
"opcode": 2,
"keywords": 2305843009280868352,
"time_created": "2023-11-05T22:29:38.761932+00:00",
"event_record_id": 1898,
"correlation": {},
"execution": {
"process_id": 6020,
"thread_id": 5856
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 9705 — Started enumeration of commands for registry key 'KeyName'.
#Description
Started enumeration of commands for registry key 'KeyName'.
Message #
Fields #
| Name | Description |
|---|---|
KeyName UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 9705,
"version": 0,
"level": 4,
"task": 9705,
"opcode": 1,
"keywords": 2305843009280868352,
"time_created": "2023-11-05T23:54:44.247520+00:00",
"event_record_id": 2715,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 11316
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"KeyName": "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 9706 — Finished enumeration of commands for registry key 'KeyName'.
#Description
Finished enumeration of commands for registry key 'KeyName'.
Message #
Fields #
| Name | Description |
|---|---|
KeyName UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 9706,
"version": 0,
"level": 4,
"task": 9705,
"opcode": 2,
"keywords": 2305843009280868352,
"time_created": "2023-11-05T23:54:50.098749+00:00",
"event_record_id": 2724,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 11316
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"KeyName": "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 9707 — Started execution of command 'Command'.
#Description
Started execution of command 'Command'.
Message #
Fields #
| Name | Description |
|---|---|
Command UnicodeString | Full command line for the command that was executed |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 9707,
"version": 0,
"level": 4,
"task": 9707,
"opcode": 1,
"keywords": 2305843009280868352,
"time_created": "2023-11-05T23:54:45.468332+00:00",
"event_record_id": 2722,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 11316
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"Command": "installer.exe\" /repair"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
- Windows Forensic Artifacts https://github.com/Psmths/windows-forensic-artifacts/blob/main/execution/evtx-9707-shell-core.md
Event ID 9708 — Finished execution of command 'Command' (PID PID).
#Description
Finished execution of command 'Command' (PID PID).
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
Command UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 9708,
"version": 0,
"level": 4,
"task": 9707,
"opcode": 2,
"keywords": 2305843009280868352,
"time_created": "2023-11-05T23:54:50.098732+00:00",
"event_record_id": 2723,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 11316
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"PID": 11932,
"Command": "installer.exe\" /repair"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 9709 —
Fields #
| Name | Description |
|---|---|
Command UnicodeString | — |
Event ID 9710 —
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
Command UnicodeString | — |
Event ID 9711 —
Fields #
| Name | Description |
|---|---|
Command UnicodeString | — |
Event ID 9712 —
Fields #
| Name | Description |
|---|---|
Command UnicodeString | — |
Event ID 9713 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 9714 —
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
Event ID 9716 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 9717 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 9801 —
Event ID 9802 —
Event ID 9803 —
Event ID 9804 —
Event ID 9805 —
Event ID 9806 —
Event ID 9808 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 9810 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 9811 —
Fields #
| Name | Description |
|---|---|
AppID UnicodeString | — |
HRESULT UInt32 | — |
Event ID 9812 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
CallerId Int32 | — |
Event ID 9901 —
Event ID 9902 —
Event ID 9903 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 9904 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 9905 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 9906 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 9907 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 9909 —
Event ID 9910 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 9911 —
Event ID 9912 —
Event ID 9913 —
Event ID 9914 —
Event ID 9915 —
Event ID 9916 —
Event ID 9917 —
Event ID 9918 —
Event ID 9919 —
Event ID 10001 —
Event ID 10002 —
Event ID 11001 —
Event ID 11003 —
Event ID 11004 —
Event ID 11005 —
Event ID 11006 —
Event ID 11007 —
Event ID 11009 —
Event ID 11010 —
Event ID 11011 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 11013 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 11014 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 11015 —
Event ID 11016 —
Event ID 11017 —
Event ID 12001 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 12101 —
Event ID 12102 —
Event ID 12103 —
Event ID 12104 —
Event ID 12105 —
Event ID 12106 —
Event ID 12107 —
Event ID 12108 —
Event ID 12109 —
Event ID 12110 —
Event ID 12111 —
Event ID 12112 —
Event ID 12113 —
Event ID 12114 —
Event ID 13001 —
Event ID 13002 —
Event ID 13003 —
Event ID 13004 —
Event ID 13005 —
Event ID 13006 —
Event ID 13007 —
Event ID 13008 —
Event ID 13101 —
Event ID 13102 —
Event ID 13501 —
Event ID 13502 —
Event ID 13503 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 13505 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 13507 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 13509 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 13511 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 13513 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 13515 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 13517 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 14001 —
Event ID 14002 —
Event ID 14003 —
Event ID 14004 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 14005 —
Event ID 14006 —
Event ID 14007 —
Event ID 14008 —
Event ID 14009 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 14101 —
Event ID 14102 —
Event ID 14103 —
Event ID 14104 —
Event ID 14201 —
Fields #
| Name | Description |
|---|---|
QueryId UInt32 | — |
Event ID 14202 —
Fields #
| Name | Description |
|---|---|
QueryId UInt32 | — |
Event ID 14203 —
Fields #
| Name | Description |
|---|---|
QueryId UInt32 | — |
Event ID 14204 —
Fields #
| Name | Description |
|---|---|
QueryId UInt32 | — |
Event ID 14205 —
Fields #
| Name | Description |
|---|---|
QueryId UInt32 | — |
Event ID 14206 —
Fields #
| Name | Description |
|---|---|
QueryId UInt32 | — |
Event ID 14207 —
Fields #
| Name | Description |
|---|---|
QueryId UInt32 | — |
QueryString UnicodeString | — |
Event ID 14209 —
Fields #
| Name | Description |
|---|---|
QueryId UInt32 | — |
Event ID 14211 —
Fields #
| Name | Description |
|---|---|
QueryId UInt32 | — |
Event ID 14213 —
Fields #
| Name | Description |
|---|---|
QueryId UInt32 | — |
Event ID 14215 —
Event ID 14216 —
Event ID 14217 —
Event ID 14219 —
Event ID 14220 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 14501 —
Event ID 14502 —
Event ID 14503 —
Event ID 14504 —
Event ID 14505 —
Event ID 14506 —
Event ID 14507 —
Event ID 14508 —
Event ID 14509 —
Event ID 14510 —
Event ID 14511 —
Event ID 14512 —
Event ID 14513 —
Event ID 14514 —
Event ID 14515 —
Event ID 14516 —
Event ID 14517 —
Event ID 14518 —
Event ID 14519 —
Event ID 14520 —
Event ID 14521 —
Event ID 14522 —
Event ID 14523 —
Event ID 14524 —
Event ID 14525 —
Event ID 14526 —
Event ID 14527 —
Event ID 14528 —
Event ID 14529 —
Event ID 14530 —
Event ID 14531 —
Event ID 14532 —
Event ID 14533 —
Event ID 14534 —
Event ID 14535 —
Event ID 14536 —
Event ID 14537 —
Event ID 14538 —
Event ID 14539 —
Event ID 14540 —
Event ID 14541 —
Event ID 14542 —
Event ID 14543 —
Event ID 14544 —
Event ID 14545 —
Event ID 14546 —
Event ID 14547 —
Event ID 14548 —
Event ID 14549 —
Event ID 14550 —
Event ID 14551 —
Event ID 14552 —
Event ID 14553 —
Event ID 14554 —
Event ID 14555 —
Event ID 14556 —
Event ID 14557 —
Event ID 14558 —
Event ID 14559 —
Event ID 14560 —
Event ID 14561 —
Fields #
| Name | Description |
|---|---|
VARTYPEFrom UInt16 | — |
VARTYPETo UInt16 | — |
HRESULT UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "14561",
"version": "0",
"level": "4",
"task": "14561",
"opcode": "0",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358171500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"VARTYPEFrom": "8",
"VARTYPETo": "31",
"HRESULT": " 0"
},
"message": ""
}
Event ID 14563 —
Fields #
| Name | Description |
|---|---|
VARTYPEFrom UInt16 | — |
VARTYPETo UInt16 | — |
HRESULT UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "14563",
"version": "0",
"level": "4",
"task": "14563",
"opcode": "0",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.304818400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"VARTYPEFrom": "8",
"VARTYPETo": "72",
"HRESULT": " 0"
},
"message": ""
}
Event ID 14564 —
Fields #
| Name | Description |
|---|---|
VARTYPEFrom UInt16 | — |
VARTYPETo UInt16 | — |
HRESULT UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "14564",
"version": "0",
"level": "4",
"task": "14565",
"opcode": "0",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:21:14.994735200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13880"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"VARTYPEFrom": "8",
"VARTYPETo": "72",
"HRESULT": " 0"
},
"message": ""
}
Event ID 15001 —
Event ID 15002 —
Event ID 15003 —
Event ID 15004 —
Event ID 15501 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15501",
"version": "0",
"level": "4",
"task": "15501",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.397443500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 15502 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15502",
"version": "0",
"level": "4",
"task": "15501",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.397448000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 15503 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15503",
"version": "0",
"level": "4",
"task": "15503",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.397440300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{b725f130-47ef-101a-a5f1-02608c9eebac}",
"PID": " 10"
},
"message": ""
}
Event ID 15504 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15504",
"version": "0",
"level": "4",
"task": "15503",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.397448500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{b725f130-47ef-101a-a5f1-02608c9eebac}",
"PID": " 10"
},
"message": ""
}
Event ID 15505 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15505",
"version": "0",
"level": "4",
"task": "15505",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:18.461203300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{9f4c2855-9f79-4b39-a8d0-e1d42de1d5f3}",
"PID": " 3"
},
"message": ""
}
Event ID 15506 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15506",
"version": "0",
"level": "4",
"task": "15505",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:18.461208500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{9f4c2855-9f79-4b39-a8d0-e1d42de1d5f3}",
"PID": " 3"
},
"message": ""
}
Event ID 15507 —
Fields #
| Name | Description |
|---|---|
CanonicalName UnicodeString | — |
Event ID 15508 —
Fields #
| Name | Description |
|---|---|
CanonicalName UnicodeString | — |
Event ID 15509 —
Event ID 15510 —
Event ID 15511 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15511",
"version": "0",
"level": "4",
"task": "15511",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358169000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{41cf5ae0-f75a-4806-bd87-59c7d9248eb9}",
"PID": " 100"
},
"message": ""
}
Event ID 15512 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15512",
"version": "0",
"level": "4",
"task": "15511",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358173200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{41cf5ae0-f75a-4806-bd87-59c7d9248eb9}",
"PID": " 100"
},
"message": ""
}
Event ID 15513 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15513",
"version": "0",
"level": "4",
"task": "15513",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.362688800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "5416"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{32bcb03c-7f34-4e3f-bbb2-ebe63629f5e4}",
"PID": " 100"
},
"message": ""
}
Event ID 15514 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15514",
"version": "0",
"level": "4",
"task": "15513",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.362689700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "5416"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{32bcb03c-7f34-4e3f-bbb2-ebe63629f5e4}",
"PID": " 100"
},
"message": ""
}
Event ID 15515 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15515",
"version": "0",
"level": "4",
"task": "15515",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:22:59.123831800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "9500",
"thread_id": "11152"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 15516 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "15516",
"version": "0",
"level": "4",
"task": "15515",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:22:59.123833300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "9500",
"thread_id": "11152"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 15517 —
Event ID 15518 —
Event ID 15519 —
Fields #
| Name | Description |
|---|---|
CanonicalName UnicodeString | — |
Event ID 15520 —
Fields #
| Name | Description |
|---|---|
CanonicalName UnicodeString | — |
Event ID 16501 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16501",
"version": "0",
"level": "4",
"task": "16501",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:22:59.123848800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "9500",
"thread_id": "11152"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16502 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16502",
"version": "0",
"level": "4",
"task": "16501",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:22:59.124672400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "9500",
"thread_id": "11152"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16503 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16503",
"version": "0",
"level": "4",
"task": "16503",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358148500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{41cf5ae0-f75a-4806-bd87-59c7d9248eb9}",
"PID": " 100"
},
"message": ""
}
Event ID 16504 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16504",
"version": "0",
"level": "4",
"task": "16503",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358173700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{41cf5ae0-f75a-4806-bd87-59c7d9248eb9}",
"PID": " 100"
},
"message": ""
}
Event ID 16505 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 16506 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 16507 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16507",
"version": "0",
"level": "4",
"task": "16507",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.362684000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "5416"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{32bcb03c-7f34-4e3f-bbb2-ebe63629f5e4}",
"PID": " 100"
},
"message": ""
}
Event ID 16508 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16508",
"version": "0",
"level": "4",
"task": "16507",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.362691800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "5416"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{32bcb03c-7f34-4e3f-bbb2-ebe63629f5e4}",
"PID": " 100"
},
"message": ""
}
Event ID 16509 —
Event ID 16510 —
Event ID 16511 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 16512 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 16513 —
Event ID 16514 —
Event ID 16600 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16600",
"version": "0",
"level": "4",
"task": "16600",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:23:22.277790300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "1452",
"thread_id": "9352"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16601 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16601",
"version": "0",
"level": "4",
"task": "16600",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:23:22.455705100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "1452",
"thread_id": "9352"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16602 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16602",
"version": "0",
"level": "4",
"task": "16602",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358126500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16603 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16603",
"version": "0",
"level": "4",
"task": "16602",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358130400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16604 —
Event ID 16605 —
Event ID 16606 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16606",
"version": "0",
"level": "4",
"task": "16606",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:23:22.277805100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "1452",
"thread_id": "9352"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16607 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16607",
"version": "0",
"level": "4",
"task": "16606",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:23:22.277819000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "1452",
"thread_id": "9352"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16608 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16608",
"version": "0",
"level": "4",
"task": "16608",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358159100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{41cf5ae0-f75a-4806-bd87-59c7d9248eb9}",
"PID": " 100"
},
"message": ""
}
Event ID 16609 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16609",
"version": "0",
"level": "4",
"task": "16608",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358162800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{41cf5ae0-f75a-4806-bd87-59c7d9248eb9}",
"PID": " 100"
},
"message": ""
}
Event ID 16610 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16610",
"version": "0",
"level": "4",
"task": "16610",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.172229400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16611 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16611",
"version": "0",
"level": "4",
"task": "16610",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.172245400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16612 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16612",
"version": "0",
"level": "4",
"task": "16612",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.172261200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16613 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16613",
"version": "0",
"level": "4",
"task": "16612",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.172279700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16614 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 16615 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 16616 —
Event ID 16617 —
Event ID 16618 —
Event ID 16619 —
Event ID 16620 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Event ID 16621 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 16700 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16700",
"version": "0",
"level": "4",
"task": "16700",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358263800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16701 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16701",
"version": "0",
"level": "4",
"task": "16700",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358357700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16702 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16702",
"version": "0",
"level": "4",
"task": "16702",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358066600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16703 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16703",
"version": "0",
"level": "4",
"task": "16702",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358147300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16704 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16704",
"version": "0",
"level": "4",
"task": "16704",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.099905900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16705 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16705",
"version": "0",
"level": "4",
"task": "16704",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.171889800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16706 —
Event ID 16707 —
Event ID 16708 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16708",
"version": "0",
"level": "4",
"task": "16708",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358133900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16709 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16709",
"version": "0",
"level": "4",
"task": "16708",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358146400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16710 —
Event ID 16711 —
Event ID 16712 —
Event ID 16713 —
Event ID 16714 —
Event ID 16715 —
Event ID 16716 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16716",
"version": "0",
"level": "4",
"task": "16716",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.360917200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{9b174b35-40ff-11d2-a27e-00c04fc30871}",
"PID": " 10"
},
"message": ""
}
Event ID 16717 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16717",
"version": "0",
"level": "4",
"task": "16716",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.360918600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{9b174b35-40ff-11d2-a27e-00c04fc30871}",
"PID": " 10"
},
"message": ""
}
Event ID 16718 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16718",
"version": "0",
"level": "4",
"task": "16718",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.173847300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16719 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16719",
"version": "0",
"level": "4",
"task": "16718",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.199083000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16720 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16720",
"version": "0",
"level": "4",
"task": "16720",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.199113800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16721 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16721",
"version": "0",
"level": "4",
"task": "16720",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.199126900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16722 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16722",
"version": "0",
"level": "4",
"task": "16722",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358150300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{41cf5ae0-f75a-4806-bd87-59c7d9248eb9}",
"PID": " 100"
},
"message": ""
}
Event ID 16723 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16723",
"version": "0",
"level": "4",
"task": "16722",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.358151500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{41cf5ae0-f75a-4806-bd87-59c7d9248eb9}",
"PID": " 100"
},
"message": ""
}
Event ID 16724 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16724",
"version": "0",
"level": "4",
"task": "16724",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.360195000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{9b174b35-40ff-11d2-a27e-00c04fc30871}",
"PID": " 10"
},
"message": ""
}
Event ID 16725 —
Fields #
| Name | Description |
|---|---|
FMTID GUID | — |
PID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16725",
"version": "0",
"level": "4",
"task": "16724",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.360371200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"FMTID": "{b2f9b9d6-fec4-4dd5-94d7-8957488c807b}",
"PID": " 2"
},
"message": ""
}
Event ID 16726 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16726",
"version": "0",
"level": "4",
"task": "16726",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.172072600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16727 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16727",
"version": "0",
"level": "4",
"task": "16726",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.172086200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16728 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16728",
"version": "0",
"level": "4",
"task": "16728",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.172099800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16729 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "16729",
"version": "0",
"level": "4",
"task": "16728",
"opcode": "2",
"keywords": 9223372036854906880,
"time_created": "2026-03-16T00:21:39.172112200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 16801 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 16803 —
Event ID 16804 —
Event ID 16805 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 16807 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 16809 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 16811 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 16813 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 16815 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 16817 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 16901 —
Event ID 16902 —
Event ID 16903 —
Event ID 16904 —
Event ID 16905 —
Event ID 16906 —
Event ID 16907 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 17001 —
Event ID 17002 —
Event ID 17003 —
Event ID 17004 —
Event ID 17005 —
Event ID 17006 —
Event ID 17007 —
Event ID 17008 —
Fields #
| Name | Description |
|---|---|
LoopCount UInt32 | — |
Event ID 17009 —
Event ID 17010 —
Event ID 17101 —
Event ID 17103 —
Event ID 17105 —
Event ID 17107 —
Event ID 17109 —
Event ID 17111 —
Event ID 17113 —
Event ID 17115 —
Event ID 17117 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 17119 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 17121 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 17501 —
Event ID 17502 —
Event ID 17503 —
Event ID 17504 —
Event ID 17505 —
Event ID 17506 —
Event ID 17507 —
Event ID 17508 —
Event ID 17509 —
Event ID 17510 —
Event ID 17511 —
Event ID 17512 —
Event ID 17513 —
Event ID 17514 —
Event ID 17515 —
Fields #
| Name | Description |
|---|---|
Success UInt32 | — |
Path UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "17515",
"version": "0",
"level": "4",
"task": "17515",
"opcode": "1",
"keywords": 9223372036854906880,
"time_created": "2026-03-15T04:20:38.364128200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"Success": " 1",
"Path": "C:\\Users\\domainadmin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles"
},
"message": ""
}
Event ID 17516 —
Fields #
| Name | Description |
|---|---|
Success UInt32 | — |
Path UnicodeString | — |
Event ID 17517 —
Event ID 17518 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18001 —
Event ID 18003 —
Event ID 18005 —
Event ID 18006 —
Event ID 18007 —
Event ID 18008 —
Event ID 18009 —
Event ID 18010 —
Event ID 18011 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18012 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18013 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18015 —
Event ID 18017 —
Event ID 18018 —
Event ID 18501 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18503 —
Event ID 18505 —
Event ID 18506 —
Event ID 18507 —
Event ID 18508 —
Event ID 18509 —
Event ID 18511 —
Event ID 18512 —
Event ID 18513 —
Event ID 18514 —
Event ID 18515 —
Event ID 18516 —
Event ID 18517 —
Event ID 18518 —
Event ID 18521 —
Event ID 18522 —
Event ID 18523 —
Fields #
| Name | Description |
|---|---|
Message UInt32 | — |
Event ID 18524 —
Event ID 18525 —
Event ID 18526 —
Event ID 18527 —
Event ID 18528 —
Event ID 18529 —
Event ID 18530 —
Event ID 18531 —
Event ID 18532 —
Event ID 18533 —
Event ID 18534 —
Event ID 18535 —
Event ID 18536 —
Event ID 18537 —
Event ID 18538 —
Event ID 18539 —
Event ID 18540 —
Event ID 18541 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18543 —
Event ID 18544 —
Event ID 18545 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
ImageQualityFlags UInt32 | — |
Event ID 18546 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 18547 —
Event ID 18548 —
Event ID 18549 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18549",
"version": "0",
"level": "4",
"task": "18549",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:14.993884500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13880"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18550 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18550",
"version": "0",
"level": "4",
"task": "18549",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:15.000893300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13880"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"Count": " 13"
},
"message": ""
}
Event ID 18551 —
Event ID 18552 —
Event ID 18553 —
Event ID 18554 —
Event ID 18555 —
Event ID 18556 —
Event ID 18557 —
Event ID 18558 —
Event ID 18559 —
Fields #
| Name | Description |
|---|---|
LoopCount UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18559",
"version": "0",
"level": "4",
"task": "18559",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:15.000979300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13880"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"LoopCount": " 13"
},
"message": ""
}
Event ID 18560 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18560",
"version": "0",
"level": "4",
"task": "18559",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:15.001230400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13880"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18561 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18561",
"version": "0",
"level": "4",
"task": "18561",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:15.030524900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"Count": " 4"
},
"message": ""
}
Event ID 18563 —
Event ID 18565 —
Event ID 18567 —
Event ID 18568 —
Event ID 18569 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18569",
"version": "0",
"level": "4",
"task": "18569",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.067361900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18570 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18570",
"version": "0",
"level": "4",
"task": "18569",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.123063100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18571 —
Fields #
| Name | Description |
|---|---|
TaskID GUID | — |
QueueItemCount Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18571",
"version": "0",
"level": "4",
"task": "18571",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.891644800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"TaskID": "{05cdcb31-adfd-4d5a-9c4e-1a5650fe0867}",
"QueueItemCount": "0"
},
"message": ""
}
Event ID 18573 —
Fields #
| Name | Description |
|---|---|
TaskID GUID | — |
QueueItemCount Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18573",
"version": "0",
"level": "4",
"task": "18573",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.066811200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13268"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"TaskID": "{76119f10-b9e3-11d1-a7f4-006008059382}",
"QueueItemCount": "1"
},
"message": ""
}
Event ID 18575 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18575",
"version": "0",
"level": "4",
"task": "18575",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.067220300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18576 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18576",
"version": "0",
"level": "4",
"task": "18575",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.067237800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18577 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18577",
"version": "0",
"level": "4",
"task": "18577",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.067349200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18578 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18578",
"version": "0",
"level": "4",
"task": "18577",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.067356700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18579 —
Fields #
| Name | Description |
|---|---|
Mode UInt32 | — |
IconSize UInt32 | — |
Event ID 18580 —
Fields #
| Name | Description |
|---|---|
Mode UInt32 | — |
IconSize UInt32 | — |
Event ID 18581 —
Fields #
| Name | Description |
|---|---|
LoopCount UInt32 | — |
Event ID 18582 —
Event ID 18583 —
Event ID 18584 —
Event ID 18585 —
Event ID 18586 —
Event ID 18587 —
Event ID 18588 —
Event ID 18589 —
Event ID 18590 —
Event ID 18591 —
Event ID 18592 —
Event ID 18593 —
Event ID 18594 —
Event ID 18595 —
Event ID 18596 —
Event ID 18597 —
Event ID 18598 —
Event ID 18599 —
Event ID 18600 —
Event ID 18601 —
Event ID 18602 —
Event ID 18603 —
Event ID 18604 —
Event ID 18605 —
Event ID 18606 —
Event ID 18607 —
Event ID 18608 —
Event ID 18609 —
Event ID 18610 —
Event ID 18611 —
Event ID 18612 —
Event ID 18613 —
Event ID 18614 —
Event ID 18615 —
Event ID 18616 —
Event ID 18617 —
Event ID 18618 —
Event ID 18619 —
Event ID 18620 —
Event ID 18621 —
Event ID 18622 —
Event ID 18623 —
Event ID 18624 —
Event ID 18625 —
Event ID 18626 —
Event ID 18627 —
Event ID 18628 —
Event ID 18629 —
Event ID 18630 —
Event ID 18631 —
Event ID 18632 —
Event ID 18633 —
Event ID 18634 —
Event ID 18635 —
Event ID 18636 —
Event ID 18637 —
Event ID 18638 —
Event ID 18639 —
Event ID 18640 —
Event ID 18641 —
Event ID 18642 —
Event ID 18645 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18645",
"version": "0",
"level": "4",
"task": "18645",
"opcode": "1",
"keywords": 9223372036855824384,
"time_created": "2026-03-15T04:20:20.624939600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{d73f5340-b345-000c-cd30-43d745b3dc01}"
},
"execution": {
"process_id": "14792",
"thread_id": "10916"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18646 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18646",
"version": "0",
"level": "4",
"task": "18645",
"opcode": "2",
"keywords": 9223372036855824384,
"time_created": "2026-03-15T04:20:20.624951100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{d73f5340-b345-000c-cd30-43d745b3dc01}"
},
"execution": {
"process_id": "14792",
"thread_id": "10916"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18649 —
Event ID 18650 —
Event ID 18653 —
Event ID 18654 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18657 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18658 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18659 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18660 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18661 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 18663 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18663",
"version": "0",
"level": "4",
"task": "18663",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.123504800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18664 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18664",
"version": "0",
"level": "4",
"task": "18663",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.123659000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18665 —
Event ID 18669 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18675 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18676 —
Event ID 18677 —
Event ID 18678 —
Event ID 18679 —
Event ID 18680 —
Event ID 18681 —
Event ID 18682 —
Event ID 18683 —
Fields #
| Name | Description |
|---|---|
Name UnicodeString | — |
Event ID 18684 —
Fields #
| Name | Description |
|---|---|
Name UnicodeString | — |
Event ID 18685 —
Event ID 18686 —
Event ID 18687 —
Event ID 18688 —
Event ID 18689 —
Event ID 18690 —
Event ID 18691 —
Event ID 18692 —
Event ID 18693 —
Event ID 18694 —
Event ID 18695 —
Fields #
| Name | Description |
|---|---|
LoopCount UInt32 | — |
Event ID 18696 —
Event ID 18697 —
Event ID 18698 —
Event ID 18699 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18699",
"version": "0",
"level": "4",
"task": "18699",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:14.993151600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13880"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18700 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18700",
"version": "0",
"level": "4",
"task": "18699",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:14.993869800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13880"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18701 —
Event ID 18702 —
Event ID 18703 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18705 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStringDatapointValue UnicodeString | — |
Event ID 18707 —
Event ID 18708 —
Event ID 18709 —
Event ID 18710 —
Event ID 18711 —
Event ID 18712 —
Event ID 18713 —
Event ID 18714 —
Event ID 18715 —
Event ID 18716 —
Event ID 18717 —
Event ID 18718 —
Event ID 18719 —
Event ID 18720 —
Event ID 18721 —
Event ID 18722 —
Event ID 18723 —
Event ID 18724 —
Event ID 18725 —
Event ID 18726 —
Event ID 18727 —
Event ID 18728 —
Event ID 18729 —
Event ID 18730 —
Event ID 18731 —
Event ID 18732 —
Event ID 18733 —
Event ID 18734 —
Event ID 18735 —
Event ID 18736 —
Event ID 18737 —
Event ID 18738 —
Event ID 18739 —
Fields #
| Name | Description |
|---|---|
ExecutableName UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18739",
"version": "0",
"level": "4",
"task": "18739",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:15.029195800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13880"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"ExecutableName": "\\\\FAKEHOST@80\\share\\execute.exe"
},
"message": ""
}
Event ID 18740 —
Fields #
| Name | Description |
|---|---|
ExecutableName UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18740",
"version": "0",
"level": "4",
"task": "18739",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:21:15.030696200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13880"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"ExecutableName": "\\\\FAKEHOST@80\\share\\execute.exe"
},
"message": ""
}
Event ID 18741 —
Event ID 18742 —
Event ID 18743 —
Event ID 18745 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18745",
"version": "0",
"level": "4",
"task": "18745",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.049543600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18747 —
Event ID 18749 —
Event ID 18751 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18752 —
Event ID 18753 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18753",
"version": "0",
"level": "4",
"task": "18753",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.049480200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18755 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18755",
"version": "0",
"level": "4",
"task": "18753",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.049502100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18761 —
Event ID 18762 —
Event ID 18763 —
Event ID 18764 —
Event ID 18765 —
Event ID 18766 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 18767 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18768 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18769 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18770 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18771 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18773 —
Fields #
| Name | Description |
|---|---|
TaskID GUID | — |
QueueItemCount Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18773",
"version": "0",
"level": "4",
"task": "18773",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.891582400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"TaskID": "{05cdcb31-adfd-4d5a-9c4e-1a5650fe0867}",
"QueueItemCount": "1"
},
"message": ""
}
Event ID 18775 —
Event ID 18776 —
Event ID 18777 —
Event ID 18778 —
Event ID 18779 —
Event ID 18780 —
Event ID 18781 —
Event ID 18782 —
Event ID 18783 —
Event ID 18784 —
Event ID 18787 —
Event ID 18788 —
Event ID 18789 —
Event ID 18790 —
Event ID 18791 —
Event ID 18792 —
Event ID 18793 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18794 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18795 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18796 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18797 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18798 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18799 —
Event ID 18800 —
Event ID 18801 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18801",
"version": "0",
"level": "4",
"task": "18801",
"opcode": "1",
"keywords": 9223372036863164416,
"time_created": "2026-03-15T04:20:38.365211700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18802 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18802",
"version": "0",
"level": "4",
"task": "18801",
"opcode": "2",
"keywords": 9223372036863164416,
"time_created": "2026-03-15T04:20:38.366382800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18803 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18803",
"version": "0",
"level": "4",
"task": "18803",
"opcode": "1",
"keywords": 9223372036863164416,
"time_created": "2026-03-15T04:20:38.357798200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18804 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18804",
"version": "0",
"level": "4",
"task": "18803",
"opcode": "2",
"keywords": 9223372036863164416,
"time_created": "2026-03-15T04:20:38.398240700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18805 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18805",
"version": "0",
"level": "4",
"task": "18805",
"opcode": "1",
"keywords": 9223372036863164416,
"time_created": "2026-03-15T04:20:38.362240100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18806 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18806",
"version": "0",
"level": "4",
"task": "18805",
"opcode": "2",
"keywords": 9223372036863164416,
"time_created": "2026-03-15T04:20:38.371202700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18807 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18807",
"version": "0",
"level": "4",
"task": "18807",
"opcode": "0",
"keywords": 9223372036863164416,
"time_created": "2026-03-15T04:20:38.358768300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18809 —
Event ID 18810 —
Event ID 18811 —
Event ID 18812 —
Event ID 18813 —
Event ID 18814 —
Event ID 18815 —
Event ID 18816 —
Event ID 18817 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18818 —
Event ID 18819 —
Event ID 18820 —
Fields #
| Name | Description |
|---|---|
CompletionDelta UInt64 | — |
SecondTimeDelta Double | — |
WindowSumOfRates Double | — |
CalculatedRate Double | — |
Event ID 18821 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18823 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18825 —
Event ID 18826 —
Event ID 18827 —
Event ID 18828 —
Event ID 18829 —
Event ID 18830 —
Event ID 18831 —
Event ID 18832 —
Event ID 18833 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18833",
"version": "0",
"level": "4",
"task": "18833",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:47.404632000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4124"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18834 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18834",
"version": "0",
"level": "4",
"task": "18833",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:47.405040600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4124"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18835 —
Event ID 18836 —
Event ID 18837 —
Event ID 18838 —
Event ID 18841 —
Event ID 18843 —
Event ID 18844 —
Event ID 18845 —
Event ID 18847 —
Event ID 18848 —
Event ID 18849 —
Event ID 18850 —
Event ID 18851 —
Event ID 18852 —
Event ID 18853 —
Event ID 18855 —
Event ID 18857 —
Event ID 18858 —
Event ID 18859 —
Event ID 18860 —
Event ID 18861 —
Event ID 18862 —
Event ID 18863 —
Event ID 18864 —
Event ID 18865 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 18867 —
Event ID 18868 —
Event ID 18869 —
Event ID 18870 —
Event ID 18871 —
Event ID 18873 —
Fields #
| Name | Description |
|---|---|
guid GUID | — |
Event ID 18875 —
Fields #
| Name | Description |
|---|---|
guid GUID | — |
Event ID 18877 —
Event ID 18878 —
Event ID 18879 —
Event ID 18880 —
Event ID 18881 —
Event ID 18882 —
Event ID 18883 —
Event ID 18884 —
Event ID 18885 —
Event ID 18886 —
Event ID 18887 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18888 —
Event ID 18889 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 18901 —
Event ID 18902 —
Event ID 18903 —
Fields #
| Name | Description |
|---|---|
PointsCurrent UInt64 | — |
PointsTotal UInt64 | — |
SizeCurrent UInt64 | — |
SizeTotal UInt64 | — |
ItemsCurrent UInt64 | — |
ItemsTotal UInt64 | — |
Event ID 18905 —
Fields #
| Name | Description |
|---|---|
pszSource UnicodeString | — |
pszDest UnicodeString | — |
SourceType UInt32 | — |
DestinationType UInt32 | — |
FileOp UInt32 | — |
FileSize UInt64 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18905",
"version": "0",
"level": "4",
"task": "18905",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.366379600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"pszSource": "C:\\Users\\domainadmin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles",
"pszDest": "NULL",
"SourceType": " 3",
"DestinationType": " 0",
"FileOp": " 3",
"FileSize": "0"
},
"message": ""
}
Event ID 18907 —
Event ID 18909 —
Fields #
| Name | Description |
|---|---|
WorkDone UInt64 | — |
TimeElapsed UInt64 | — |
Event ID 18911 —
Fields #
| Name | Description |
|---|---|
NewMean UInt64 | — |
AverageMean UInt64 | — |
Estimate UInt64 | — |
Event ID 18913 —
Fields #
| Name | Description |
|---|---|
Speed UInt64 | — |
IsBytesPerSecond UInt32 | — |
Event ID 18915 —
Event ID 18917 —
Event ID 18918 —
Event ID 18919 —
Event ID 18920 —
Event ID 18921 —
Fields #
| Name | Description |
|---|---|
DROPEFFECT UInt32 | — |
Event ID 18922 —
Event ID 18923 —
Fields #
| Name | Description |
|---|---|
DeviceID UnicodeString | — |
Event ID 18924 —
Event ID 18925 —
Event ID 18927 —
Event ID 18929 —
Event ID 18931 —
Event ID 18932 —
Event ID 18933 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18934 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18935 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18936 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18937 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18939 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 18941 —
Event ID 18943 —
Event ID 18950 —
Event ID 18951 —
Fields #
| Name | Description |
|---|---|
ID UInt32 | — |
HWND UInt32 | — |
Event ID 18952 —
Event ID 18953 —
Fields #
| Name | Description |
|---|---|
ID UInt32 | — |
HWND UInt32 | — |
Event ID 18954 —
Fields #
| Name | Description |
|---|---|
ID UInt32 | — |
Event ID 18955 —
Event ID 18956 —
Fields #
| Name | Description |
|---|---|
ID UInt32 | — |
Event ID 18957 —
Event ID 18958 —
Fields #
| Name | Description |
|---|---|
Event UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18958",
"version": "0",
"level": "4",
"task": "18958",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.369560800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"Event": "0x4"
},
"message": ""
}
Event ID 18959 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18959",
"version": "0",
"level": "4",
"task": "18958",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.369636400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18960 —
Fields #
| Name | Description |
|---|---|
Event UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18960",
"version": "0",
"level": "4",
"task": "18960",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.369661700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "5416"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"Event": "0x4"
},
"message": ""
}
Event ID 18961 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18961",
"version": "0",
"level": "4",
"task": "18960",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.369718200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "5416"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18962 —
Fields #
| Name | Description |
|---|---|
Event UInt32 | — |
ID UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18962",
"version": "0",
"level": "4",
"task": "18962",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.891479100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "5416"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"Event": "0x1000",
"ID": " 1"
},
"message": ""
}
Event ID 18963 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "18963",
"version": "0",
"level": "4",
"task": "18962",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.891496600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "5416"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 18964 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 18970 —
Fields #
| Name | Description |
|---|---|
pszOperationSource UnicodeString | — |
pszOperationDestination UnicodeString | — |
FileOp UInt32 | — |
IsOperationUndo Boolean | — |
UndoFlags UInt32 | — |
Event ID 18972 —
Fields #
| Name | Description |
|---|---|
pszOperationSource UnicodeString | — |
pszOperationDestination UnicodeString | — |
FileOp UInt32 | — |
IsOperationUndo Boolean | — |
UndoFlags UInt32 | — |
Event ID 18974 —
Fields #
| Name | Description |
|---|---|
pszOperationSource UnicodeString | — |
pszOperationDestination UnicodeString | — |
FileOp UInt32 | — |
IsOperationUndo Boolean | — |
UndoFlags UInt32 | — |
Event ID 18976 —
Fields #
| Name | Description |
|---|---|
pszOperationSource UnicodeString | — |
pszOperationDestination UnicodeString | — |
FileOp UInt32 | — |
IsOperationUndo Boolean | — |
UndoFlags UInt32 | — |
Event ID 18978 —
Fields #
| Name | Description |
|---|---|
pszOperationSource UnicodeString | — |
pszOperationDestination UnicodeString | — |
FileOp UInt32 | — |
IsOperationUndo Boolean | — |
UndoFlags UInt32 | — |
Event ID 18980 —
Event ID 19001 —
Fields #
| Name | Description |
|---|---|
TOID GUID | — |
Event ID 19002 —
Fields #
| Name | Description |
|---|---|
TOID GUID | — |
Event ID 19003 —
Fields #
| Name | Description |
|---|---|
TOID GUID | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19003",
"version": "0",
"level": "4",
"task": "19003",
"opcode": "1",
"keywords": 9223372036871553024,
"time_created": "2026-03-15T04:20:38.353817300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"TOID": "{c0d04af2-0d2d-48ad-b93f-cdf1d27437c3}"
},
"message": ""
}
Event ID 19004 —
Fields #
| Name | Description |
|---|---|
TOID GUID | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19004",
"version": "0",
"level": "4",
"task": "19003",
"opcode": "2",
"keywords": 9223372036871553024,
"time_created": "2026-03-15T04:20:38.398314600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"TOID": "{c0d04af2-0d2d-48ad-b93f-cdf1d27437c3}"
},
"message": ""
}
Event ID 19005 —
Fields #
| Name | Description |
|---|---|
TOID GUID | — |
Event ID 19006 —
Fields #
| Name | Description |
|---|---|
TOID GUID | — |
Event ID 19007 —
Fields #
| Name | Description |
|---|---|
TOID GUID | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19007",
"version": "0",
"level": "4",
"task": "19009",
"opcode": "0",
"keywords": 9223372036871553024,
"time_created": "2026-03-15T04:20:38.353789900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"TOID": "{c0d04af2-0d2d-48ad-b93f-cdf1d27437c3}"
},
"message": ""
}
Event ID 19101 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
Event ID 19201 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 19203 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 19205 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 19207 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 19209 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 19211 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 19401 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19401",
"version": "0",
"level": "4",
"task": "19411",
"opcode": "1",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:37.111778000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19403 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19403",
"version": "0",
"level": "4",
"task": "19411",
"opcode": "2",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:37.111779100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19405 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19405",
"version": "0",
"level": "4",
"task": "19409",
"opcode": "1",
"keywords": 9223372036855037952,
"time_created": "2026-03-16T00:21:39.199862900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19407 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19407",
"version": "0",
"level": "4",
"task": "19409",
"opcode": "2",
"keywords": 9223372036855037952,
"time_created": "2026-03-16T00:21:39.199914400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19409 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19409",
"version": "0",
"level": "4",
"task": "19407",
"opcode": "1",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:38.358119100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19411 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19411",
"version": "0",
"level": "4",
"task": "19407",
"opcode": "2",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:38.358124100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4164"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19413 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19413",
"version": "0",
"level": "4",
"task": "19403",
"opcode": "1",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:50.033567700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "5416"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19415 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19415",
"version": "0",
"level": "4",
"task": "19403",
"opcode": "2",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:50.033570500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "5416"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19417 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19417",
"version": "0",
"level": "4",
"task": "19405",
"opcode": "1",
"keywords": 9223372036855037952,
"time_created": "2026-03-16T00:21:39.219215800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19419 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19419",
"version": "0",
"level": "4",
"task": "19405",
"opcode": "2",
"keywords": 9223372036855037952,
"time_created": "2026-03-16T00:21:39.219230300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19421 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19421",
"version": "0",
"level": "4",
"task": "19401",
"opcode": "1",
"keywords": 9223372036855037952,
"time_created": "2026-03-16T00:21:39.169995200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19423 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19423",
"version": "0",
"level": "4",
"task": "19401",
"opcode": "2",
"keywords": 9223372036855037952,
"time_created": "2026-03-16T00:21:39.170012800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19425 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19425",
"version": "0",
"level": "4",
"task": "19413",
"opcode": "1",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:18.999180400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19427 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19427",
"version": "0",
"level": "4",
"task": "19413",
"opcode": "2",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:18.999187900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19429 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19429",
"version": "0",
"level": "4",
"task": "19415",
"opcode": "1",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:51.144814400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19431 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19431",
"version": "0",
"level": "4",
"task": "19415",
"opcode": "2",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:51.144816400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19433 —
Event ID 19435 —
Event ID 19437 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19437",
"version": "0",
"level": "4",
"task": "19419",
"opcode": "1",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:50.066943000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13268"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19439 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19439",
"version": "0",
"level": "4",
"task": "19419",
"opcode": "2",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:50.067581200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13268"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19441 —
Fields #
| Name | Description |
|---|---|
PathToIcon UnicodeString | — |
IconOffset Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19441",
"version": "0",
"level": "4",
"task": "19421",
"opcode": "0",
"keywords": 9223372036855037952,
"time_created": "2026-03-15T04:20:51.144804100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PathToIcon": "C:\\Windows\\System32\\PING.EXE",
"IconOffset": "0"
},
"message": ""
}
Event ID 19443 —
Fields #
| Name | Description |
|---|---|
PathToIcon UnicodeString | — |
IconOffset Int32 | — |
FromIconSize Int32 | — |
ToIconSize Int32 | — |
Event ID 19501 —
Fields #
| Name | Description |
|---|---|
Name UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19501",
"version": "0",
"level": "4",
"task": "19501",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:37.111299600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"Name": "C:\\Program Files\\Git\\usr\\bin\\bash.exe"
},
"message": ""
}
Event ID 19502 —
Fields #
| Name | Description |
|---|---|
Name UnicodeString | — |
HRESULT UInt32 | — |
PIDL_out UInt64 | — |
HWND UInt32 | — |
IBindCtx UInt64 | — |
cbEaten UInt32 | — |
dwAttributes UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19502",
"version": "0",
"level": "4",
"task": "19501",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:37.111768200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "10312",
"thread_id": "14168"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"Name": "C:\\Program Files\\Git\\usr\\bin\\bash.exe",
"HRESULT": "0x0",
"PIDL_out": "0x1E332146560",
"HWND": "0x0",
"IBindCtx": "0x1E335296560",
"cbEaten": "4294967295",
"dwAttributes": "0xFFFFFFFF"
},
"message": ""
}
Event ID 19503 —
Fields #
| Name | Description |
|---|---|
Address UInt64 | — |
Depth UInt32 | — |
Children Int8 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19503",
"version": "0",
"level": "4",
"task": "19503",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.047254400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 19504 —
Fields #
| Name | Description |
|---|---|
Address UInt64 | — |
HRESULT UInt32 | — |
Flags UInt32 | — |
Name UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "19504",
"version": "0",
"level": "4",
"task": "19503",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.047257200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"Address": "0xC7E4250",
"HRESULT": "0x0",
"Flags": "0x8001",
"Name": "automaton"
},
"message": ""
}
Event ID 19601 —
Event ID 19602 —
Event ID 19603 —
Event ID 19604 —
Event ID 19605 —
Event ID 19606 —
Event ID 19607 —
Event ID 19608 —
Event ID 19611 —
Event ID 19613 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 19615 —
Fields #
| Name | Description |
|---|---|
guid GUID | — |
Event ID 19617 —
Fields #
| Name | Description |
|---|---|
pszName UnicodeString | — |
fVal UInt32 | — |
Event ID 19619 —
Fields #
| Name | Description |
|---|---|
uMode UInt32 | — |
Event ID 19621 —
Fields #
| Name | Description |
|---|---|
uAnimationType UInt32 | — |
Event ID 19623 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 19625 —
Event ID 19627 —
Event ID 19628 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 19635 —
Event ID 19636 —
Event ID 19801 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 19803 —
Event ID 19804 —
Event ID 19805 —
Event ID 19900 —
Fields #
| Name | Description |
|---|---|
OldState Int32 | — |
NewState Int32 | — |
Event ID 20001 —
Event ID 20002 —
Event ID 20003 —
Event ID 20004 —
Event ID 20005 —
Event ID 20006 —
Event ID 20007 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20009 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20011 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20013 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20015 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20017 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20019 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20021 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20023 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20025 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20027 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20029 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20031 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20033 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20035 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20037 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20039 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20041 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20043 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20045 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20047 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20049 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20051 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20053 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20055 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20057 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20059 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20061 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20063 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 20065 —
Event ID 20066 —
Event ID 20067 —
Event ID 20068 —
Event ID 20069 —
Event ID 20070 —
Event ID 20071 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20072 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20073 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 20075 —
Event ID 20076 —
Fields #
| Name | Description |
|---|---|
LoopCount UInt32 | — |
Event ID 20102 —
Event ID 20103 —
Event ID 20104 —
Event ID 20105 —
Event ID 20106 —
Event ID 20107 —
Event ID 20108 —
Event ID 20109 —
Event ID 20111 —
Event ID 20112 —
Event ID 20900 —
Event ID 20901 —
Event ID 20902 —
Event ID 20903 —
Event ID 20905 —
Event ID 20906 —
Event ID 20907 —
Event ID 20908 —
Event ID 20909 —
Event ID 20910 —
Event ID 20911 —
Event ID 20912 —
Event ID 20914 —
Event ID 20915 —
Event ID 20916 —
Event ID 20917 —
Event ID 20918 —
Event ID 20919 —
Event ID 20920 —
Fields #
| Name | Description |
|---|---|
EXTENDED_NAME_FORMAT UInt32 | — |
Event ID 20921 —
Fields #
| Name | Description |
|---|---|
EXTENDED_NAME_FORMAT UInt32 | — |
Event ID 21001 —
Fields #
| Name | Description |
|---|---|
LoopCount UInt32 | — |
Event ID 21002 —
Event ID 21003 —
Event ID 21004 —
Event ID 21005 —
Fields #
| Name | Description |
|---|---|
nIcons UInt32 | — |
Event ID 21006 —
Event ID 21007 —
Fields #
| Name | Description |
|---|---|
TrayCode UInt32 | — |
guid GUID | — |
uID UInt32 | — |
HWND UInt32 | — |
Event ID 21009 —
Fields #
| Name | Description |
|---|---|
TrayCode UInt32 | — |
guid GUID | — |
uID UInt32 | — |
HWND UInt32 | — |
uReasonForDelete UInt32 | — |
Event ID 21011 —
Fields #
| Name | Description |
|---|---|
TrayCode UInt32 | — |
guid GUID | — |
uID UInt32 | — |
HWND UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "21011",
"version": "0",
"level": "4",
"task": "21011",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:19.002368900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"TrayCode": " 1",
"guid": "{00000000-0000-0000-0000-000000000000}",
"uID": " 0",
"HWND": "0x51054A"
},
"message": ""
}
Event ID 21013 —
Fields #
| Name | Description |
|---|---|
guid GUID | — |
uID UInt32 | — |
HWND UInt32 | — |
Result UInt32 | — |
Event ID 21015 —
Fields #
| Name | Description |
|---|---|
guid GUID | — |
uID UInt32 | — |
HWND UInt32 | — |
Result UInt32 | — |
Event ID 21017 —
Event ID 21018 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 22001 —
Event ID 22002 —
Event ID 22003 —
Event ID 22004 —
Event ID 22005 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22006 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22007 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22009 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22011 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22013 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22014 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22015 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22017 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22018 —
Fields #
| Name | Description |
|---|---|
HWNDSrc Pointer | — |
HWNDThumbnail Pointer | — |
Event ID 22019 —
Fields #
| Name | Description |
|---|---|
HWNDSrc Pointer | — |
HWNDThumbnail Pointer | — |
Event ID 22020 —
Fields #
| Name | Description |
|---|---|
iId UInt32 | — |
fFromGlom UInt32 | — |
Event ID 22021 —
Fields #
| Name | Description |
|---|---|
iId UInt32 | — |
fFromGlom UInt32 | — |
Event ID 22022 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22023 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22025 —
Fields #
| Name | Description |
|---|---|
HWND UInt32 | — |
Event ID 22026 —
Fields #
| Name | Description |
|---|---|
HWND UInt32 | — |
dwValue UInt32 | — |
Event ID 22027 —
Fields #
| Name | Description |
|---|---|
HWND UInt32 | — |
dwFlags UInt32 | — |
Event ID 22028 —
Fields #
| Name | Description |
|---|---|
hwndTaskBand Pointer | — |
pTBGroup Pointer | — |
pszExePath UnicodeString | — |
tbgType UInt32 | — |
x Int32 | — |
y Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22028",
"version": "0",
"level": "4",
"task": "22030",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.468372200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"hwndTaskBand": "0x20144",
"pTBGroup": "0xC910520",
"pszExePath": "C:\\Windows\\System32\\msdtc.exe",
"tbgType": " 1",
"x": "249",
"y": "1"
},
"message": ""
}
Event ID 22029 —
Fields #
| Name | Description |
|---|---|
hwndTaskBand Pointer | — |
pTBGroup Pointer | — |
pszExePath UnicodeString | — |
tbgType UInt32 | — |
x Int32 | — |
y Int32 | — |
Event ID 22030 —
Fields #
| Name | Description |
|---|---|
hwndTaskBand Pointer | — |
pTBGroup Pointer | — |
pszExePath UnicodeString | — |
tbgType UInt32 | — |
x Int32 | — |
y Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22030",
"version": "0",
"level": "4",
"task": "22032",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.489988000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"hwndTaskBand": "0x20144",
"pTBGroup": "0xC910520",
"pszExePath": "C:\\Windows\\System32\\msdtc.exe",
"tbgType": " 0",
"x": "249",
"y": "1"
},
"message": ""
}
Event ID 22031 —
Fields #
| Name | Description |
|---|---|
hwnd Pointer | — |
hwndTaskBand Pointer | — |
pTBGroup Pointer | — |
pszExePath UnicodeString | — |
tbgType UInt32 | — |
x Int32 | — |
y Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22031",
"version": "0",
"level": "4",
"task": "22033",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.468376600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"hwnd": "0x380680",
"hwndTaskBand": "0x20144",
"pTBGroup": "0xC910520",
"pszExePath": "C:\\Windows\\System32\\msdtc.exe",
"tbgType": " 1",
"x": "249",
"y": "1"
},
"message": ""
}
Event ID 22032 —
Fields #
| Name | Description |
|---|---|
hwnd Pointer | — |
hwndTaskBand Pointer | — |
pTBGroup Pointer | — |
pszExePath UnicodeString | — |
tbgType UInt32 | — |
x Int32 | — |
y Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22032",
"version": "0",
"level": "4",
"task": "22034",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.468405400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"hwnd": "0x380680",
"hwndTaskBand": "0x20144",
"pTBGroup": "0xC910520",
"pszExePath": "C:\\Windows\\System32\\msdtc.exe",
"tbgType": " 1",
"x": "249",
"y": "1"
},
"message": ""
}
Event ID 22033 —
Fields #
| Name | Description |
|---|---|
hwnd Pointer | — |
hwndTaskBand Pointer | — |
pTBGroup Pointer | — |
pszExePath UnicodeString | — |
tbgType UInt32 | — |
x Int32 | — |
y Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22033",
"version": "0",
"level": "4",
"task": "22035",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.489787000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"hwnd": "0x380680",
"hwndTaskBand": "0x20144",
"pTBGroup": "0xC910520",
"pszExePath": "C:\\Windows\\System32\\msdtc.exe",
"tbgType": " 1",
"x": "249",
"y": "1"
},
"message": ""
}
Event ID 22034 —
Fields #
| Name | Description |
|---|---|
fShowText UInt32 | — |
Event ID 22035 —
Fields #
| Name | Description |
|---|---|
hwndItem Pointer | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22035",
"version": "0",
"level": "4",
"task": "22037",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.461680100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"hwndItem": "0x380680"
},
"message": ""
}
Event ID 22036 —
Fields #
| Name | Description |
|---|---|
hwndItem Pointer | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22036",
"version": "0",
"level": "4",
"task": "22038",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.490201700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"hwndItem": "0x380680"
},
"message": ""
}
Event ID 22037 —
Fields #
| Name | Description |
|---|---|
pszGroup UnicodeString | — |
hwndItem Pointer | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22037",
"version": "0",
"level": "4",
"task": "22039",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.465049300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"pszGroup": "C:\\Windows\\System32\\msdtc.exe",
"hwndItem": "0x0"
},
"message": ""
}
Event ID 22038 —
Fields #
| Name | Description |
|---|---|
pszGroup UnicodeString | — |
hwndItem Pointer | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22038",
"version": "0",
"level": "4",
"task": "22040",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.490199000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"pszGroup": "C:\\Windows\\System32\\msdtc.exe",
"hwndItem": "0x0"
},
"message": ""
}
Event ID 22039 —
Fields #
| Name | Description |
|---|---|
pszGroup UnicodeString | — |
hwndItem Pointer | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22039",
"version": "0",
"level": "4",
"task": "22041",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.461697100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"pszGroup": "NULL",
"hwndItem": "0x380680"
},
"message": ""
}
Event ID 22040 —
Fields #
| Name | Description |
|---|---|
pszGroup UnicodeString | — |
hwndItem Pointer | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22040",
"version": "0",
"level": "4",
"task": "22042",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.464943600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"pszGroup": "NULL",
"hwndItem": "0x380680"
},
"message": ""
}
Event ID 22041 —
Fields #
| Name | Description |
|---|---|
pObj UInt64 | — |
nAnimType UInt32 | — |
Event ID 22042 —
Fields #
| Name | Description |
|---|---|
pObj UInt64 | — |
nAnimType UInt32 | — |
Event ID 22043 —
Event ID 22044 —
Event ID 22045 —
Fields #
| Name | Description |
|---|---|
nVisibleRow UInt32 | — |
nRequiredRow UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22045",
"version": "0",
"level": "4",
"task": "22045",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.468159300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"nVisibleRow": " 1",
"nRequiredRow": " 1"
},
"message": ""
}
Event ID 22046 —
Fields #
| Name | Description |
|---|---|
nTotalWidth UInt32 | — |
nTotalFixedWidth UInt32 | — |
iGroupStart UInt32 | — |
iItemStart UInt32 | — |
iGroupEnd UInt32 | — |
iItemEnd UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22046",
"version": "0",
"level": "4",
"task": "22046",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:22:41.468192400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"nTotalWidth": " 1101",
"nTotalFixedWidth": " 221",
"iGroupStart": " 0",
"iItemStart": "4294967295",
"iGroupEnd": " 5",
"iItemEnd": "4294967295"
},
"message": ""
}
Event ID 22047 —
Fields #
| Name | Description |
|---|---|
hwndTaskBand Pointer | — |
pTBGroup Pointer | — |
pszExePath UnicodeString | — |
tbgType UInt32 | — |
x Int32 | — |
y Int32 | — |
Event ID 22048 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22049 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22050 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22051 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22052 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22053 —
Fields #
| Name | Description |
|---|---|
nTotalHeight UInt32 | — |
nTotalFixedHeight UInt32 | — |
iGroupStart UInt32 | — |
iItemStart UInt32 | — |
iGroupEnd UInt32 | — |
iItemEnd UInt32 | — |
Event ID 22054 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22055 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22056 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22057 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22058 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 22059 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Event ID 22060 —
Fields #
| Name | Description |
|---|---|
HWND Pointer | — |
Event ID 22061 —
Fields #
| Name | Description |
|---|---|
HWND Pointer | — |
Event ID 22062 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Event ID 22063 —
Fields #
| Name | Description |
|---|---|
HWND Pointer | — |
Event ID 22064 —
Fields #
| Name | Description |
|---|---|
HWND Pointer | — |
IsFlashed UInt32 | — |
SourceType UInt32 | — |
Event ID 22065 —
Event ID 22066 —
Event ID 22067 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22068 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22069 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22070 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22071 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22072 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22073 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22074 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22075 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22076 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22077 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 22078 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 22079 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "22079",
"version": "0",
"level": "4",
"task": "22079",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.364159200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 22080 —
Event ID 22081 —
Event ID 22082 —
#Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 22082,
"version": 0,
"level": 4,
"task": 22082,
"opcode": 1,
"keywords": 2305843009213759488,
"time_created": "2022-04-07T16:48:29.343379+00:00",
"event_record_id": 127,
"correlation": {},
"execution": {
"process_id": 4128,
"thread_id": 5112
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WIN-FPV0DSIC9O6",
"security": {
"user_id": "S-1-5-21-2121334350-1110938707-2888912545-500"
}
},
"event_data": {},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 22083 —
#Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 22083,
"version": 0,
"level": 4,
"task": 22082,
"opcode": 2,
"keywords": 2305843009213759488,
"time_created": "2022-04-07T16:48:29.346909+00:00",
"event_record_id": 128,
"correlation": {},
"execution": {
"process_id": 4128,
"thread_id": 5112
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WIN-FPV0DSIC9O6",
"security": {
"user_id": "S-1-5-21-2121334350-1110938707-2888912545-500"
}
},
"event_data": {},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 23001 —
Event ID 23002 —
Event ID 23003 —
Event ID 23004 —
Event ID 23005 —
Event ID 23006 —
Event ID 23007 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 23008 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 23009 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 23010 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 23011 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 23012 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 23013 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 23101 —
Fields #
| Name | Description |
|---|---|
Query UnicodeString | — |
Event ID 23110 —
Event ID 23111 —
Event ID 23201 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 23203 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 23205 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 26001 —
Fields #
| Name | Description |
|---|---|
Operation UnicodeString | — Known values
|
Type UInt32 | — |
Event UInt32 | — |
Event ID 26002 —
Fields #
| Name | Description |
|---|---|
Operation UnicodeString | — Known values
|
PendingCount UInt32 | — |
EventReadyState UInt32 | — |
Event ID 26003 —
Event ID 26004 —
Event ID 26005 —
Event ID 26006 —
Event ID 26007 —
Fields #
| Name | Description |
|---|---|
Operation UnicodeString | — Known values
|
Type UInt32 | — |
Event UInt32 | — |
Event ID 26009 —
Fields #
| Name | Description |
|---|---|
Caller UnicodeString | — |
IItemCollection Pointer | — |
ICollectionEventSink Pointer | — |
Cookie UInt32 | — |
HRESULT UInt32 | — |
Event ID 26010 —
Fields #
| Name | Description |
|---|---|
Caller UnicodeString | — |
IItemCollection Pointer | — |
ICollectionEventSink Pointer | — |
Cookie UInt32 | — |
HRESULT UInt32 | — |
Event ID 26011 —
Fields #
| Name | Description |
|---|---|
RetVal UInt32 | — |
HWND Pointer | — |
Message UInt64 | — |
WPARAM UInt64 | — |
LPARAM UInt64 | — |
GetLastError UInt32 | — |
Event ID 27002 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27004 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27005 —
Event ID 27006 —
Event ID 27007 —
Event ID 27008 —
Event ID 27009 —
Event ID 27010 —
Event ID 27011 —
Event ID 27012 —
Event ID 27013 —
Event ID 27014 —
Event ID 27015 —
Event ID 27016 —
Event ID 27018 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27020 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27022 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27024 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27026 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27028 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27030 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27032 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27034 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27036 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27038 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27040 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27042 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27044 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27046 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27048 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27050 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27052 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27054 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27056 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27058 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27060 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27062 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27064 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27078 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27080 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27082 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27084 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27086 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27088 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27090 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27092 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27094 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27096 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27098 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27100 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27102 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27104 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27106 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27108 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27110 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27112 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27114 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27116 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27118 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27120 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27122 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27124 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27126 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27128 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27142 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27144 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27145 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
Event ID 27146 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27147 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
Event ID 27148 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27149 —
Event ID 27151 —
Event ID 27152 —
Event ID 27153 —
Event ID 27154 —
Event ID 27155 —
Event ID 27156 —
Event ID 27157 —
Event ID 27158 —
Event ID 27159 —
Event ID 27160 —
Event ID 27161 —
Event ID 27162 —
Event ID 27163 —
Event ID 27164 —
Event ID 27165 —
Event ID 27166 —
Event ID 27168 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27170 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27172 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27173 —
Event ID 27174 —
Event ID 27176 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27178 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27180 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27182 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27184 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27186 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27188 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27190 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27191 —
Event ID 27192 —
Event ID 27193 —
Event ID 27194 —
Event ID 27195 —
Event ID 27196 —
Event ID 27197 —
Event ID 27198 —
Event ID 27199 —
Event ID 27200 —
Event ID 27202 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27203 —
Event ID 27204 —
Event ID 27206 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27208 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27209 —
Event ID 27210 —
Event ID 27211 —
Event ID 27212 —
Event ID 27213 —
Event ID 27214 —
Event ID 27215 —
Event ID 27216 —
Event ID 27217 —
Fields #
| Name | Description |
|---|---|
PerfTrackId UInt32 | — |
Event ID 27218 —
Fields #
| Name | Description |
|---|---|
PerfTrackId UInt32 | — |
Event ID 27221 —
Event ID 27222 —
Event ID 27223 —
Event ID 27224 —
Event ID 27226 —
Event ID 27227 —
Event ID 27229 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27230 —
Event ID 27231 —
Event ID 27233 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27234 —
Event ID 27235 —
Event ID 27236 —
Event ID 27237 —
Event ID 27238 —
Event ID 27239 —
Event ID 27240 —
Event ID 27241 —
Event ID 27242 —
Event ID 27243 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
Event ID 27244 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
Event ID 27248 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27250 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27252 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27254 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 27255 —
Event ID 27256 —
Fields #
| Name | Description |
|---|---|
RenderedTileCount UInt32 | — |
RealizedTileCount UInt32 | — |
Event ID 27257 —
Fields #
| Name | Description |
|---|---|
BrowserId UInt32 | — |
ItemCount UInt32 | — |
Event ID 28003 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "28003",
"version": "0",
"level": "4",
"task": "28163",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.453753500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "13268"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 28004 —
Event ID 28017 — AppResolver Scan Started.
#Description
AppResolver Scan Started.
Message #
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 28017,
"version": 0,
"level": 4,
"task": 28177,
"opcode": 1,
"keywords": 2305843009213759488,
"time_created": "2023-11-06T01:43:29.982089+00:00",
"event_record_id": 2837,
"correlation": {
"ActivityID": "E4DB489E-1037-0000-7E84-E2E43710DA01"
},
"execution": {
"process_id": 10860,
"thread_id": 8488
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 28018 — AppResolver Scan Stopped.
#Description
AppResolver Scan Stopped.
Message #
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 28018,
"version": 0,
"level": 4,
"task": 28177,
"opcode": 2,
"keywords": 2305843009213759488,
"time_created": "2023-11-06T01:43:34.433011+00:00",
"event_record_id": 2841,
"correlation": {
"ActivityID": "E4DB489E-1037-0000-7E84-E2E43710DA01"
},
"execution": {
"process_id": 10860,
"thread_id": 8488
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 28019 — AppResolver Cache Committed.
#Description
AppResolver Cache Committed.
Message #
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 28019,
"version": 0,
"level": 4,
"task": 28179,
"opcode": 0,
"keywords": 2305843009213759488,
"time_created": "2023-11-06T01:43:34.656672+00:00",
"event_record_id": 2842,
"correlation": {
"ActivityID": "E4DB489E-1037-0000-7E84-E2E43710DA01"
},
"execution": {
"process_id": 10860,
"thread_id": 8488
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 28025 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 28026 —
Fields #
| Name | Description |
|---|---|
AppID UnicodeString | — |
Code UInt32 | — |
Event ID 28027 —
Fields #
| Name | Description |
|---|---|
AppID UnicodeString | — |
Event Int32 | — |
Event ID 28028 —
Fields #
| Name | Description |
|---|---|
Identity UnicodeString | — |
Event ID 28029 —
Fields #
| Name | Description |
|---|---|
InstalledVersion Int32 | — |
HRESULT UInt32 | — |
Event ID 28030 —
Fields #
| Name | Description |
|---|---|
StoreVersion Int32 | — |
InstalledVersion Int32 | — |
Event ID 28031 —
Fields #
| Name | Description |
|---|---|
AppID UnicodeString | — |
Event Int32 | — |
Event ID 28032 — AppResolver has parsed the visual elements manifest for a tile.
#Description
AppResolver has parsed the visual elements manifest for a tile.
Message #
Fields #
| Name | Description |
|---|---|
Filename UnicodeString | — |
SchemaType UInt32 | — |
ErrorCode UInt32 | — |
Failure reason UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 28032,
"version": 0,
"level": 4,
"task": 28180,
"opcode": 0,
"keywords": 2305843009213759488,
"time_created": "2023-11-05T23:52:32.768687+00:00",
"event_record_id": 2547,
"correlation": {
"ActivityID": "E4DB489E-1037-0001-8D57-DBE43710DA01"
},
"execution": {
"process_id": 5044,
"thread_id": 10156
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"Filename": "C:\\Program Files (x86)\\Dropbox\\Client\\Dropbox.VisualElementsManifest.xml",
"SchemaType": 2,
"ErrorCode": 0,
"Failure reason": "NULL"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 28101 —
Event ID 28103 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "28103",
"version": "0",
"level": "4",
"task": "28185",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:18.461180100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "4760"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 28105 —
Event ID 28107 —
Fields #
| Name | Description |
|---|---|
AppID UnicodeString | — |
Code UInt32 | — |
Event ID 28109 — Application AppID state changed from OldState to NewState due to package PackageName having state Value in registry list.
Event ID 28111 — Application AppID state changed from OldState to NewState due to package PackageName being removed from registry list.
Event ID 28113 — Change notified on {Filename} with event {Event}.
Event ID 28115 — Shortcut for application Name with ID AppID and flags Flags is added to app resolver cache.
#Description
Shortcut for application Name with ID AppID and flags Flags is added to app resolver cache.
Message #
Fields #
| Name | Description |
|---|---|
Name UnicodeString | — |
AppID UnicodeString | — |
Flags UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 28115,
"version": 0,
"level": 4,
"task": 28141,
"opcode": 0,
"keywords": 2305843009213759488,
"time_created": "2023-11-06T01:43:34.432903+00:00",
"event_record_id": 2840,
"correlation": {
"ActivityID": "E4DB489E-1037-0000-7E84-E2E43710DA01"
},
"execution": {
"process_id": 10860,
"thread_id": 8488
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"Name": "Google Password Manager",
"AppID": "Chrome._crx_kajebgjangfejcanhanjmmbcfd",
"Flags": 17
},
"message": ""
}
Detection Rules #
View all rules referencing this event →
Sigma # view in reference
- Suspicious Application Installed source medium: Detects suspicious application installed by looking at the added shortcut to the app resolver cache
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 28116 — Shortcut for application Name with ID AppID and flags Flags is removed from app resolver cache.
Event ID 28117 — Shortcut for application Name with ID AppID and flags Flags is updated in app resolver cache.
#Description
Shortcut for application Name with ID AppID and flags Flags is updated in app resolver cache.
Message #
Fields #
| Name | Description |
|---|---|
Name UnicodeString | — |
AppID UnicodeString | — |
Flags UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 28117,
"version": 0,
"level": 4,
"task": 28143,
"opcode": 0,
"keywords": 2305843009213759488,
"time_created": "2023-11-06T00:55:14.841614+00:00",
"event_record_id": 2815,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 17252
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"Name": "Avast Free Antivirus",
"AppID": "avast! Antivirus",
"Flags": 17
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 28119 — Start screen loaded layout which contains Groups groups and Tiles tiles (including Placeholders placeholders), Flags=Flags.
Event ID 28121 — Start screen loaded persisted layout which contains {Groups} groups and {Tiles} tiles (including {Placeholders} placeholders).
Event ID 28123 — Updated start screen layout: ItemsExisting items initially; ItemsAdded added; ItemsRemoved removed; ItemsRemoved updated.
Event ID 28125 — Starting to refresh app resolver cache for scenario Scenario with flags Flags.
#Description
Starting to refresh app resolver cache for scenario Scenario with flags Flags.
Message #
Fields #
| Name | Description |
|---|---|
Scenario Int32 | — |
Flags Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 28125,
"version": 0,
"level": 4,
"task": 28137,
"opcode": 0,
"keywords": 2305843009213759488,
"time_created": "2023-11-05T23:53:59.757383+00:00",
"event_record_id": 2613,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 9624
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"Scenario": 1,
"Flags": 2316
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 28127 —
Fields #
| Name | Description |
|---|---|
UpdateSource Int32 | — |
RetryCount Int32 | — |
ErrorCode UInt32 | — |
Event ID 28189 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 28191 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 28193 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 28195 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 50001 —
Event ID 50002 —
Event ID 50101 —
Event ID 50102 —
Event ID 50103 —
Event ID 50104 —
Event ID 50105 —
Event ID 50106 —
Event ID 50107 —
Event ID 50108 —
Event ID 50201 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 50202 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 50203 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 50204 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 50205 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 50206 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 50207 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 50208 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 50209 —
Event ID 50210 —
Event ID 50211 —
Event ID 60000 —
Event ID 60001 —
Event ID 60002 —
Event ID 60003 —
Event ID 60004 —
Event ID 60005 —
Event ID 60006 —
Event ID 60007 —
Event ID 60008 —
Event ID 60009 —
Event ID 60010 —
Event ID 60011 —
Event ID 60012 —
Event ID 60013 —
Event ID 60014 —
Event ID 60015 —
Event ID 60016 —
Event ID 60017 —
Event ID 60018 —
Event ID 60019 —
Event ID 60020 —
Event ID 60021 —
Event ID 60022 —
Event ID 60023 —
Event ID 60025 —
Event ID 60026 —
Event ID 60027 —
Event ID 60028 —
Event ID 60029 —
Event ID 60030 —
Event ID 60031 —
Event ID 60032 —
Event ID 60033 —
Event ID 60034 —
Event ID 60035 —
Event ID 60036 —
Event ID 60037 —
Event ID 60101 —
Event ID 60102 —
Event ID 60103 —
Event ID 60104 —
Event ID 60105 —
Event ID 60106 —
Event ID 60107 —
Event ID 60108 —
Event ID 60109 —
Event ID 60110 —
Event ID 60111 —
Event ID 60112 —
Event ID 60113 —
Event ID 60114 —
Event ID 60115 —
Event ID 60116 —
Event ID 60117 —
Event ID 60118 —
Event ID 60119 —
Event ID 60120 —
Event ID 60201 —
Event ID 60202 —
Event ID 60203 —
Event ID 60204 —
Event ID 60205 —
Event ID 60206 —
Event ID 60213 —
Event ID 60214 —
Event ID 60215 —
Event ID 60216 —
Fields #
| Name | Description |
|---|---|
CLSIDTextService GUID | — |
LangId UInt32 | — |
LangProfile GUID | — |
Event ID 60217 —
Fields #
| Name | Description |
|---|---|
CLSIDTextService GUID | — |
LangId UInt32 | — |
LangProfile GUID | — |
HRESULT UInt32 | — |
QueryLen UInt32 | — |
AltCount UInt32 | — |
ReasonCode UInt32 | — |
Event ID 60218 —
Fields #
| Name | Description |
|---|---|
AnimId UInt32 | — |
Event ID 60219 —
Fields #
| Name | Description |
|---|---|
AnimId UInt32 | — |
Event ID 60220 —
Fields #
| Name | Description |
|---|---|
ElemId UInt32 | — |
IsUILess Boolean | — |
IsIntegratable Boolean | — |
Event ID 60221 —
Fields #
| Name | Description |
|---|---|
ElemId UInt32 | — |
Flags UInt32 | — |
Event ID 60222 —
Fields #
| Name | Description |
|---|---|
ElemId UInt32 | — |
Event ID 60301 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "60301",
"version": "0",
"level": "4",
"task": "60301",
"opcode": "1",
"keywords": 9225623836668526592,
"time_created": "2026-03-15T04:21:15.003422300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 60302 —
Event ID 60303 —
Event ID 60304 —
Event ID 60305 —
Event ID 60306 —
Event ID 60307 —
Event ID 60308 —
Event ID 60309 —
Event ID 60310 —
Event ID 60311 —
Event ID 60312 —
Event ID 60401 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmDWORDDatapointValue UInt32 | — |
Event ID 60501 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 60503 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 60601 —
Event ID 60603 —
Fields #
| Name | Description |
|---|---|
Events UInt32 | — |
Event ID 60604 —
Fields #
| Name | Description |
|---|---|
Events UInt32 | — |
Event ID 60605 —
Event ID 60606 —
Fields #
| Name | Description |
|---|---|
Events UInt32 | — |
Event ID 60607 —
Event ID 60609 —
Event ID 60610 —
Event ID 60611 —
Event ID 60612 —
Fields #
| Name | Description |
|---|---|
Flushed UInt32 | — |
Skipped UInt32 | — |
Batched UInt32 | — |
Event ID 60613 —
Event ID 60614 —
Event ID 60615 —
Event ID 60616 —
Event ID 60617 —
Event ID 60618 —
Event ID 60619 —
Event ID 60620 —
Event ID 60621 —
Event ID 60622 —
Event ID 60623 —
Event ID 60624 —
Event ID 60625 —
Event ID 60626 —
Event ID 60627 —
Event ID 60628 —
Event ID 60629 —
Event ID 60631 —
Fields #
| Name | Description |
|---|---|
ANIMATIONTYPE UInt32 | — |
Event ID 60632 —
Fields #
| Name | Description |
|---|---|
ANIMATIONTYPE UInt32 | — |
Event ID 60633 —
Fields #
| Name | Description |
|---|---|
ANIMATIONTYPE UInt32 | — |
Event ID 60634 —
Fields #
| Name | Description |
|---|---|
ANIMATIONTYPE UInt32 | — |
Event ID 60635 —
Event ID 60636 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Width UInt32 | — |
Height UInt32 | — |
Event ID 60637 —
Event ID 60638 —
Fields #
| Name | Description |
|---|---|
AnimationTime UInt32 | — |
Frames UInt32 | — |
Framerate Double | — |
BackBuffersUsed UInt32 | — |
Event ID 60639 —
Event ID 60640 —
Event ID 60641 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 60643 —
Event ID 60644 —
Event ID 60645 —
Event ID 60646 —
Event ID 60647 —
Event ID 60648 —
Fields #
| Name | Description |
|---|---|
SetRedrawCount UInt32 | — |
Event ID 60649 —
Event ID 60650 —
Event ID 60651 —
Event ID 60652 —
Event ID 60653 —
Fields #
| Name | Description |
|---|---|
Items UInt32 | — |
Event ID 60655 —
Event ID 60657 —
Event ID 60659 —
Fields #
| Name | Description |
|---|---|
MonitorID UInt32 | — |
Left Int32 | — |
Top Int32 | — |
Right Int32 | — |
Bottom Int32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "60659",
"version": "0",
"level": "4",
"task": "60659",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.361259000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"MonitorID": " 0",
"Left": "0",
"Top": "0",
"Right": "1760",
"Bottom": "2048"
},
"message": ""
}
Event ID 60661 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 60701 —
Event ID 60702 —
Event ID 60705 —
Fields #
| Name | Description |
|---|---|
WorkItem UnicodeString | — |
HRESULT UInt32 | — |
TimeToNextTick UInt32 | — |
Paused UInt32 | — |
Event ID 60706 —
Fields #
| Name | Description |
|---|---|
ErrorCode UInt32 | — |
Event ID 60707 —
Fields #
| Name | Description |
|---|---|
ErrorCode UInt32 | — |
Event ID 60708 —
Fields #
| Name | Description |
|---|---|
ErrorCode UInt32 | — |
Event ID 60709 —
Fields #
| Name | Description |
|---|---|
ErrorCode UInt32 | — |
Event ID 60710 —
Fields #
| Name | Description |
|---|---|
ErrorCode UInt32 | — |
Event ID 60711 —
Fields #
| Name | Description |
|---|---|
dwColorChosen UInt32 | — |
pszFilePath UnicodeString | — |
Event ID 60712 —
Event ID 60713 —
Event ID 60714 —
Fields #
| Name | Description |
|---|---|
pszFilePath UnicodeString | — |
uImageWidth UInt32 | — |
uImageHeight UInt32 | — |
Event ID 60715 —
Fields #
| Name | Description |
|---|---|
fFillChosenOverFit Boolean | — |
pszFilePath UnicodeString | — |
uImageWidth UInt32 | — |
uImageHeight UInt32 | — |
uMonitorWidth UInt32 | — |
uMonitorHeight UInt32 | — |
Event ID 60716 —
Fields #
| Name | Description |
|---|---|
uPicturePosition UInt32 | — |
pszFilePath UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "60716",
"version": "0",
"level": "4",
"task": "60716",
"opcode": "0",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:38.361835200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "8552"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"uPicturePosition": " 1",
"pszFilePath": "C:\\Users\\DOMAIN~1\\AppData\\Local\\Temp\\3\\BGInfo.bmp"
},
"message": ""
}
Event ID 60751 —
Event ID 60752 —
Event ID 60753 —
Fields #
| Name | Description |
|---|---|
pszBranchToRun UnicodeString | — |
Event ID 60754 —
Fields #
| Name | Description |
|---|---|
pszBranchToRun UnicodeString | — |
Event ID 60755 —
Fields #
| Name | Description |
|---|---|
pszKeyName UnicodeString | — |
activeSetupDisabled Boolean | — |
allowTaskOverride Boolean | — |
taskEnabled Boolean | — |
Event ID 60756 —
Fields #
| Name | Description |
|---|---|
pszKeyName UnicodeString | — |
activeSetupDisabled Boolean | — |
allowTaskOverride Boolean | — |
taskEnabled Boolean | — |
Event ID 60757 —
Event ID 60758 —
Event ID 60759 —
Fields #
| Name | Description |
|---|---|
pszPathName UnicodeString | — |
Event ID 60760 —
Fields #
| Name | Description |
|---|---|
pszPathName UnicodeString | — |
Event ID 60801 —
Event ID 60802 —
Event ID 60803 —
Fields #
| Name | Description |
|---|---|
Value UInt32 | — |
Event ID 60804 —
Event ID 60805 —
Fields #
| Name | Description |
|---|---|
PageIndex Int32 | — |
InteractionType UInt32 | — |
Event ID 60806 —
Fields #
| Name | Description |
|---|---|
Index Int32 | — |
Event ID 60807 —
Event ID 60808 —
Fields #
| Name | Description |
|---|---|
Index Int32 | — |
Event ID 60809 —
Fields #
| Name | Description |
|---|---|
CandidateCount Int32 | — |
CandidateToFocusIndex Int32 | — |
PageToFocusIndex Int32 | — |
InteractionType UInt32 | — |
Event ID 60810 —
Event ID 60811 —
Fields #
| Name | Description |
|---|---|
Index Int32 | — |
Event ID 60812 —
Fields #
| Name | Description |
|---|---|
PageCount Int32 | — |
CandidateCount Int32 | — |
Event ID 60813 —
Fields #
| Name | Description |
|---|---|
PageCount Int32 | — |
CandidateCount Int32 | — |
Event ID 60814 —
Fields #
| Name | Description |
|---|---|
Index Int32 | — |
Event ID 60815 —
Fields #
| Name | Description |
|---|---|
Index Int32 | — |
Event ID 60816 —
Fields #
| Name | Description |
|---|---|
PageCount Int32 | — |
CandidateCount Int32 | — |
Event ID 60817 —
Event ID 60818 —
Fields #
| Name | Description |
|---|---|
PageCount Int32 | — |
CandidateCount Int32 | — |
Event ID 60819 —
Fields #
| Name | Description |
|---|---|
ButtonType Int32 | — |
Event ID 60820 —
Fields #
| Name | Description |
|---|---|
ButtonType Int32 | — |
Event ID 60821 —
Event ID 60822 —
Event ID 60823 —
Event ID 60824 —
Event ID 60825 —
Fields #
| Name | Description |
|---|---|
PageIndex Int32 | — |
Type UInt32 | — |
Event ID 60826 —
Fields #
| Name | Description |
|---|---|
PageIndex Int32 | — |
HRESULT UInt32 | — |
Event ID 60901 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 60902 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 60903 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 60904 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 60905 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 60906 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 60907 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "60907",
"version": "0",
"level": "4",
"task": "60907",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-16T00:23:22.271226300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "1452",
"thread_id": "9352"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"psz": "C:\\Windows\\system32\\notepad.exe"
},
"message": ""
}
Event ID 60908 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "60908",
"version": "0",
"level": "4",
"task": "60907",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-16T00:23:22.273243300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "1452",
"thread_id": "9352"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"psz": "C:\\Windows\\system32\\notepad.exe"
},
"message": ""
}
Event ID 60909 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 60910 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 60911 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "60911",
"version": "0",
"level": "4",
"task": "60907",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-16T00:23:22.273257900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "1452",
"thread_id": "9352"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"psz": "C:\\Windows\\system32\\notepad.exe"
},
"message": ""
}
Event ID 60912 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Event ID 60913 —
Event ID 60914 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 60915 —
Fields #
| Name | Description |
|---|---|
EnumValue Int32 | — |
Event ID 61001 —
Event ID 61002 —
Event ID 61003 —
Event ID 61004 —
Fields #
| Name | Description |
|---|---|
HRESULT Int32 | — |
Event ID 61005 —
Event ID 61006 —
Fields #
| Name | Description |
|---|---|
HRESULT Int32 | — |
Event ID 61201 —
Event ID 61202 —
Event ID 61203 —
Event ID 61204 —
Fields #
| Name | Description |
|---|---|
CLSID GUID | — |
Name UnicodeString | — |
Description UnicodeString | — |
AppliesTo UnicodeString | — |
State UInt32 | — |
Event ID 61205 —
Fields #
| Name | Description |
|---|---|
CLSID GUID | — |
HRESULT UInt32 | — |
Event ID 61206 —
Event ID 61210 —
Fields #
| Name | Description |
|---|---|
CLSID GUID | — |
State UInt32 | — |
Event ID 61211 —
Fields #
| Name | Description |
|---|---|
CLSID GUID | — |
ItemPath UnicodeString | — |
ScopeAffetcedItems UInt32 | — |
ItemSyncState UInt32 | — |
ItemSyncStatus UnicodeString | — |
ItemSyncStatusDescription UnicodeString | — |
ItemSyncStatusAction UnicodeString | — |
Event ID 61212 —
Fields #
| Name | Description |
|---|---|
ItemPath UnicodeString | — |
HRESULT UInt32 | — |
Event ID 61213 —
Fields #
| Name | Description |
|---|---|
ItemPath UnicodeString | — |
HRESULT UInt32 | — |
Event ID 61214 —
Fields #
| Name | Description |
|---|---|
psz UnicodeString | — |
Event ID 61220 —
Fields #
| Name | Description |
|---|---|
CLSID GUID | — |
State UInt32 | — |
Event ID 61221 —
Fields #
| Name | Description |
|---|---|
CLSID GUID | — |
ItemPath UnicodeString | — |
Event ID 61301 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 61302 —
Event ID 61303 —
Event ID 61320 —
Event ID 61321 —
Event ID 61322 —
Event ID 61323 —
Event ID 61324 —
Event ID 61325 —
Event ID 61326 —
Event ID 61327 —
Event ID 61340 —
Fields #
| Name | Description |
|---|---|
TileID UInt32 | — |
TileCount UInt32 | — |
Event ID 61341 —
Fields #
| Name | Description |
|---|---|
TileID UInt32 | — |
TileCount UInt32 | — |
Event ID 61342 —
Fields #
| Name | Description |
|---|---|
OldState UInt32 | — |
NewState UInt32 | — |
Event ID 61343 —
Event ID 61344 —
Fields #
| Name | Description |
|---|---|
IsEnthusiastMode Boolean | — |
Event ID 61345 —
Fields #
| Name | Description |
|---|---|
TileID UInt32 | — |
Event ID 61346 —
Fields #
| Name | Description |
|---|---|
TileID UInt32 | — |
Event ID 61347 —
Fields #
| Name | Description |
|---|---|
TileID UInt32 | — |
Event ID 61348 —
Fields #
| Name | Description |
|---|---|
TileID UInt32 | — |
Event ID 61349 —
Fields #
| Name | Description |
|---|---|
TileID UInt32 | — |
Event ID 61350 —
Fields #
| Name | Description |
|---|---|
TileID UInt32 | — |
Event ID 61351 —
Fields #
| Name | Description |
|---|---|
TileID UInt32 | — |
Event ID 61352 —
Fields #
| Name | Description |
|---|---|
OldState UInt32 | — |
NewState UInt32 | — |
Event ID 61353 —
Fields #
| Name | Description |
|---|---|
OldState UInt32 | — |
NewState UInt32 | — |
Event ID 61354 —
Fields #
| Name | Description |
|---|---|
OldState UInt32 | — |
NewState UInt32 | — |
Event ID 61355 —
Fields #
| Name | Description |
|---|---|
OldState UInt32 | — |
NewState UInt32 | — |
Event ID 61356 —
Fields #
| Name | Description |
|---|---|
OldState UInt32 | — |
NewState UInt32 | — |
Event ID 61357 —
Fields #
| Name | Description |
|---|---|
OldState UInt32 | — |
NewState UInt32 | — |
Event ID 61358 —
Fields #
| Name | Description |
|---|---|
OldState UInt32 | — |
NewState UInt32 | — |
Event ID 61360 —
Fields #
| Name | Description |
|---|---|
TopViewId GUID | — |
NumExtensionFilters UInt32 | — |
AppQuery UnicodeString | — |
UserQuery UnicodeString | — |
FolderDepth UInt32 | — |
IndexerOption UInt32 | — |
NumSortEntries UInt32 | — |
Event ID 61361 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61364 —
Fields #
| Name | Description |
|---|---|
StartIndex UInt32 | — |
Count UInt32 | — |
Event ID 61365 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61366 —
Event ID 61367 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61368 —
Event ID 61369 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
HRESULT UInt32 | — |
Event ID 61370 —
Event ID 61371 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61372 —
Fields #
| Name | Description |
|---|---|
CountBytesRequested UInt32 | — |
Event ID 61373 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61374 —
Fields #
| Name | Description |
|---|---|
CountBytesRequested UInt32 | — |
Event ID 61375 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61376 —
Event ID 61377 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61380 —
Event ID 61381 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61386 —
Event ID 61387 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61390 —
Event ID 61391 —
Fields #
| Name | Description |
|---|---|
KnownItemRequested GUID | — |
HRESULT UInt32 | — |
Event ID 61400 —
Fields #
| Name | Description |
|---|---|
RequestedSize UInt32 | — |
Options UInt32 | — |
Event ID 61401 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61410 —
Event ID 61411 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61412 —
Event ID 61413 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61414 —
Event ID 61415 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61420 —
Event ID 61421 —
Fields #
| Name | Description |
|---|---|
Token UnicodeString | — |
LifetimeOption UInt32 | — |
HRESULT UInt32 | — |
Event ID 61422 —
Event ID 61423 —
Fields #
| Name | Description |
|---|---|
Token UnicodeString | — |
LifetimeOption UInt32 | — |
HRESULT UInt32 | — |
Event ID 61424 —
Event ID 61425 —
Fields #
| Name | Description |
|---|---|
Token UnicodeString | — |
LifetimeOption UInt32 | — |
HRESULT UInt32 | — |
Event ID 61426 —
Event ID 61427 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61428 —
Fields #
| Name | Description |
|---|---|
Token UnicodeString | — |
LifetimeOption UInt32 | — |
Event ID 61429 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61430 —
Event ID 61431 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
LifetimeOption UInt32 | — |
HRESULT UInt32 | — |
Event ID 61432 —
Event ID 61433 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61434 —
Event ID 61435 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61436 —
Event ID 61437 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61438 —
Event ID 61439 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61440 —
Event ID 61441 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61442 —
Event ID 61443 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61444 —
Event ID 61445 —
Event ID 61446 —
Event ID 61448 —
Event ID 61449 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61450 —
Event ID 61451 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61452 —
Event ID 61453 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 61454 —
Fields #
| Name | Description |
|---|---|
Path UnicodeString | — |
Event ID 61455 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
HasAccess Boolean | — |
Event ID 61456 —
Fields #
| Name | Description |
|---|---|
Count UInt32 | — |
Event ID 61457 —
Fields #
| Name | Description |
|---|---|
SqmSessionGuid GUID | — |
SqmID UInt32 | — |
SqmType UInt32 | — |
SqmStreamRowLength UInt32 | — |
SqmStreamRow Int16 | — |
Event ID 61460 —
Fields #
| Name | Description |
|---|---|
Signature UInt64 | — |
szFilename UnicodeString | — |
Event ID 61461 —
Event ID 61462 —
Fields #
| Name | Description |
|---|---|
Signature UInt64 | — |
szFilename UnicodeString | — |
Event ID 61463 —
Fields #
| Name | Description |
|---|---|
Signature UInt64 | — |
szFilename UnicodeString | — |
Event ID 61464 —
Fields #
| Name | Description |
|---|---|
Signature UInt64 | — |
szFilename UnicodeString | — |
Event ID 61465 —
Fields #
| Name | Description |
|---|---|
Signature UInt64 | — |
szFilename UnicodeString | — |
Event ID 61501 —
Event ID 61502 —
Event ID 61503 —
Event ID 61504 —
Event ID 61505 —
Event ID 61506 —
Event ID 61600 —
Event ID 61601 —
Event ID 61602 —
Event ID 61603 —
Event ID 61604 —
Event ID 61605 —
Event ID 61606 —
Event ID 61607 —
Event ID 61608 —
Event ID 61609 —
Event ID 61610 —
Event ID 61611 —
Event ID 61612 —
Event ID 61613 —
Event ID 61614 —
Event ID 61615 —
Event ID 61616 —
Event ID 61617 —
Event ID 61618 —
Fields #
| Name | Description |
|---|---|
FormatId UnicodeString | — |
Event ID 61619 —
Fields #
| Name | Description |
|---|---|
FormatId UnicodeString | — |
Event ID 61620 —
Fields #
| Name | Description |
|---|---|
FormatId UnicodeString | — |
Event ID 61621 —
Fields #
| Name | Description |
|---|---|
FormatId UnicodeString | — |
Event ID 61622 —
Event ID 61623 —
Event ID 61624 —
Event ID 61625 —
Event ID 61626 —
Event ID 61627 —
Event ID 61628 —
Event ID 61629 —
Event ID 61630 —
Event ID 61631 —
Event ID 61632 —
Event ID 61633 —
Event ID 61634 —
Event ID 61635 —
Event ID 61636 —
Event ID 61637 —
Event ID 61638 —
Event ID 61639 —
Event ID 61640 —
Event ID 61641 —
Fields #
| Name | Description |
|---|---|
HRESULT Int32 | — |
Event ID 61642 —
Event ID 61643 —
Event ID 61644 —
Event ID 61645 —
Event ID 61646 —
Event ID 61647 —
Event ID 61648 —
Event ID 61649 —
Fields #
| Name | Description |
|---|---|
HRESULT Int32 | — |
Event ID 61650 —
Event ID 61651 —
Event ID 61652 —
Event ID 61653 —
Event ID 62000 —
Event ID 62001 —
Event ID 62002 —
Event ID 62003 —
Event ID 62004 —
Event ID 62020 —
Fields #
| Name | Description |
|---|---|
psi Pointer | — |
grfMode UInt32 | — |
Event ID 62021 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62022 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Event ID 62023 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62024 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Event ID 62025 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62026 —
Fields #
| Name | Description |
|---|---|
Index UInt32 | — |
Event ID 62027 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62028 —
Fields #
| Name | Description |
|---|---|
IndexFrom UInt32 | — |
IndexTo UInt32 | — |
Event ID 62029 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62030 —
Event ID 62031 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62032 —
Fields #
| Name | Description |
|---|---|
psiFolder Pointer | — |
szPlaylistName UnicodeString | — |
flags UInt32 | — |
Event ID 62033 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62050 —
Event ID 62051 —
Event ID 62052 —
Event ID 62053 —
Event ID 62054 —
Event ID 62055 —
Event ID 62056 —
Event ID 62057 —
Event ID 62058 —
Event ID 62059 —
Event ID 62060 —
Event ID 62061 —
Event ID 62062 —
Event ID 62063 —
Event ID 62064 —
Event ID 62065 —
Event ID 62066 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "62066",
"version": "0",
"level": "4",
"task": "62066",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-16T00:21:39.181172000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 62067 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "62067",
"version": "0",
"level": "4",
"task": "62066",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-16T00:21:39.181195800+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "5680",
"thread_id": "11856"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 62068 —
Event ID 62069 —
Event ID 62070 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "62070",
"version": "0",
"level": "4",
"task": "62070",
"opcode": "1",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.066796100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 62071 —
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "{30336ed4-e327-447c-9de0-51b652c86108}",
"event_source_name": "",
"event_id": "62071",
"version": "0",
"level": "4",
"task": "62070",
"opcode": "2",
"keywords": 9223372036854841344,
"time_created": "2026-03-15T04:20:50.066799200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "12840",
"thread_id": "800"
},
"channel": "Microsoft-Windows-Shell-Core/Diagnostic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": ""
}
Event ID 62072 —
Fields #
| Name | Description |
|---|---|
TileAutomationID UInt32 | — |
TransitionType UInt32 | — |
Event ID 62073 —
Fields #
| Name | Description |
|---|---|
TileAutomationID UInt32 | — |
TransitionType UInt32 | — |
Event ID 62074 —
Fields #
| Name | Description |
|---|---|
TileAutomationID UInt32 | — |
TransitionType UInt32 | — |
AnimationStatus UInt32 | — |
Event ID 62075 —
Fields #
| Name | Description |
|---|---|
Delta UInt32 | — |
Event ID 62076 —
Fields #
| Name | Description |
|---|---|
UInt32Value UInt32 | — |
Event ID 62078 —
Event ID 62079 —
Event ID 62100 —
Fields #
| Name | Description |
|---|---|
Device UInt32 | — |
GotRealDevice UInt32 | — |
VerticalResolution UInt32 | — |
HorizontalResolution UInt32 | — |
VerticalSize UInt32 | — |
HorizontalSize UInt32 | — |
ComputedScaleFactor UInt32 | — |
ComputedDPI UInt32 | — |
ChangedFlags UInt32 | — |
Event ID 62120 —
Fields #
| Name | Description |
|---|---|
PackageFamilyName UnicodeString | — |
Event ID 62121 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62122 —
Fields #
| Name | Description |
|---|---|
PackageFamilyName UnicodeString | — |
Event ID 62123 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62124 —
Fields #
| Name | Description |
|---|---|
PackageFamilyName UnicodeString | — |
Event ID 62125 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62126 —
Fields #
| Name | Description |
|---|---|
PackageFamilyName UnicodeString | — |
Event ID 62127 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62128 —
Fields #
| Name | Description |
|---|---|
PackageFamilyName UnicodeString | — |
Event ID 62129 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62130 —
Fields #
| Name | Description |
|---|---|
PackageFamilyName UnicodeString | — |
Event ID 62131 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62132 —
Fields #
| Name | Description |
|---|---|
ParentShortcutPath UnicodeString | — |
Event ID 62133 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62134 —
Fields #
| Name | Description |
|---|---|
AppUserModelID UnicodeString | — |
Event ID 62135 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62136 —
Fields #
| Name | Description |
|---|---|
AppUserModelID UnicodeString | — |
Event ID 62137 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62138 —
Fields #
| Name | Description |
|---|---|
AppUserModelID UnicodeString | — |
Event ID 62139 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62140 —
Fields #
| Name | Description |
|---|---|
AppUserModelID UnicodeString | — |
Event ID 62141 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62142 —
Fields #
| Name | Description |
|---|---|
AppUserModelID UnicodeString | — |
Event ID 62143 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62144 — Updating install state of package PackageFamilyName to 'InstallState' with HRESULT ErrorCode.
#Description
Updating install state of package PackageFamilyName to 'InstallState' with HRESULT ErrorCode.
Message #
Fields #
| Name | Description |
|---|---|
PackageFamilyName UnicodeString | — |
InstallState UnicodeString | — |
ErrorCode UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62144,
"version": 0,
"level": 4,
"task": 62132,
"opcode": 0,
"keywords": 2305843009213759488,
"time_created": "2023-11-05T23:49:15.852979+00:00",
"event_record_id": 2545,
"correlation": {},
"execution": {
"process_id": 10560,
"thread_id": 5420
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"PackageFamilyName": "DropboxInc.Dropbox_wkt425jdc3sga",
"InstallState": "Completed",
"ErrorCode": 0
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 62145 — On commit, creation of shortcut with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62146 — On commit, update of shortcut with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62147 — On commit, deletion of shortcut with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62148 — On commit, creation of temporary shortcut with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62149 — On commit, changing property values in shortcut with AppUserModelId AppUserModelID failed as the shortcut file does not exist.
Event ID 62150 — On revert, creation of shortcut with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62151 — On revert, update of shortcut with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62152 — On revert, deletion of shortcut with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62153 — Removing folder for package PackageFamilyName with HRESULT ErrorCode.
Event ID 62154 — Incremented last write time of shortcut with AppUserModelId AppUserModelID by 2 seconds with HRESULT ErrorCode.
Event ID 62155 — Updated lockscreen notifications badge registration of app with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62156 — On revert, updated lockscreen notifications badge registration of app with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62157 — Removed lockscreen notifications badge registration of app with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62158 — Updated lockscreen notifications tile registration of app with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62159 — On revert, updated lockscreen notifications tile registration of app with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62160 — Removed lockscreen notifications tile registration of app with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62161 — The namespace extension guid will be loaded in the File Picker.
Event ID 62162 — The namespace extension guid will not be loaded in the File Picker.
Event ID 62163 — Failed to merge PRI for Package PackageFamilyName at path Path with HRESULT ErrorCode.
Event ID 62164 — Package PackageFamilyName failed to install with HRESULT ErrorCode.
#Description
Package PackageFamilyName failed to install with HRESULT ErrorCode.
Message #
Fields #
| Name | Description |
|---|---|
PackageFamilyName UnicodeString | — |
ErrorCode UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62164,
"version": 0,
"level": 4,
"task": 62350,
"opcode": 0,
"keywords": 2305843009213759488,
"time_created": "2023-11-05T22:33:30.815908+00:00",
"event_record_id": 2208,
"correlation": {},
"execution": {
"process_id": 4952,
"thread_id": 7932
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"PackageFamilyName": "Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe",
"ErrorCode": 2147942450
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 62170 — Logon task 'TaskName' started with flags LogonType.
#Description
Logon task 'TaskName' started with flags LogonType.
Message #
Fields #
| Name | Description |
|---|---|
LogonType UInt32 | — Logon type reference |
TaskName UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62170,
"version": 0,
"level": 4,
"task": 62170,
"opcode": 1,
"keywords": 2306124492780339200,
"time_created": "2023-11-05T23:54:19.304623+00:00",
"event_record_id": 2682,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 7480
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"LogonType": 0,
"TaskName": "LaunchInputDialListenerPostStart"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 62171 — Logon task 'TaskName' finished with flags LogonType.
#Description
Logon task 'TaskName' finished with flags LogonType.
Message #
Fields #
| Name | Description |
|---|---|
LogonType UInt32 | — Logon type reference |
TaskName UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62171,
"version": 0,
"level": 4,
"task": 62170,
"opcode": 2,
"keywords": 2306124492780339200,
"time_created": "2023-11-05T23:54:19.542235+00:00",
"event_record_id": 2695,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 7480
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"LogonType": 0,
"TaskName": "LaunchInputDialListenerPostStart"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 62200 — Failed to register for licensing policy change event.
Event ID 62201 — Failed to create the watermark window.
Event ID 62202 — Failed to render the watermark.
Event ID 62203 — Failed to get genuine status.
Event ID 62204 —
Event ID 62205 —
Event ID 62250 — Updated lockscreen alarm registration of app with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62251 — On revert, updated lockscreen alarm registration of app with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62252 — Removed lockscreen alarm registration of app with AppUserModelId AppUserModelID with HRESULT ErrorCode.
Event ID 62300 —
Event ID 62301 —
Event ID 62302 —
Event ID 62303 —
Event ID 62320 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
Event ID 62321 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
HRESULT UInt32 | — |
Event ID 62322 —
Event ID 62323 —
Fields #
| Name | Description |
|---|---|
HRESULT UInt32 | — |
Event ID 62324 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
NewValues UInt32 | — |
ValuesToChange UInt32 | — |
Event ID 62325 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
HRESULT UInt32 | — |
Event ID 62326 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
Event ID 62327 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
HRESULT UInt32 | — |
Event ID 62328 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
Event ID 62329 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
HRESULT UInt32 | — |
Event ID 62330 —
Fields #
| Name | Description |
|---|---|
Position UInt64 | — |
Size UInt64 | — |
Event ID 62331 —
Fields #
| Name | Description |
|---|---|
Position UInt64 | — |
Size UInt64 | — |
HRESULT UInt32 | — |
Event ID 62332 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
Event ID 62333 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
HRESULT UInt32 | — |
Event ID 62334 —
Event ID 62335 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
FileCompletionState UInt32 | — |
Event ID 62336 —
Fields #
| Name | Description |
|---|---|
FileName UnicodeString | — |
FileCompletionState UInt32 | — |
HRESULT UInt32 | — |
Event ID 62337 — Fileplaceholder hydration times out.
Description
Fileplaceholder hydration times out.
Message #
Event ID 62380 —
Fields #
| Name | Description |
|---|---|
QuestionID Int32 | — |
ResponseType UnicodeString | — |
QuestionType UnicodeString | — |
Answer UnicodeString | — |
FollowupAnswer UnicodeString | — |
Event ID 62400 — CloudExperienceHost App Activity started.
Description
CloudExperienceHost App Activity started. Source: 'Source', Experience: 'Experience'.
Message #
Fields #
| Name | Description |
|---|---|
Source UnicodeString | — |
Experience UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62400,
"version": 0,
"level": 4,
"task": 62400,
"opcode": 1,
"keywords": 2305843043573497856,
"time_created": "2026-03-09T18:20:52.260063+00:00",
"event_record_id": 4620,
"correlation": {
"ActivityID": "16C17DEB-9C73-44F6-B6EA-3B3069AE939F"
},
"execution": {
"process_id": 7268,
"thread_id": 7952
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "LAB-WIN11",
"security": {
"user_id": "S-1-5-21-3407486967-1585450050-1838039599-1000"
}
},
"event_data": {
"Source": "ms-cxh://mosetMDMconnecttowork/",
"Experience": "{\"source\":\"ms-cxh://mosetMDMconnecttowork/\",\"protocol\":\"ms-cxh\",\"host\":\"mosetMDMconnecttowork\",\"port\":\"\",\"params\":{},\"file\":\"\",\"hash\":\"\",\"path\":\"/\",\"segments\":[\"\"]}"
},
"message": ""
}
Event ID 62401 — CloudExperienceHost App Activity stopped.
Description
CloudExperienceHost App Activity stopped. Result: 'Result'.
Message #
Fields #
| Name | Description |
|---|---|
Result UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62401,
"version": 0,
"level": 4,
"task": 62400,
"opcode": 2,
"keywords": 2305843043573497856,
"time_created": "2026-03-09T18:21:10.189353+00:00",
"event_record_id": 4667,
"correlation": {
"ActivityID": "E1341ABB-3BA3-4E91-B44B-1D9432DAB913"
},
"execution": {
"process_id": 7268,
"thread_id": 7952
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "LAB-WIN11",
"security": {
"user_id": "S-1-5-21-3407486967-1585450050-1838039599-1000"
}
},
"event_data": {
"Result": "success"
},
"message": ""
}
Event ID 62402 — CloudExperienceHost App Event 1.
Description
CloudExperienceHost App Event 1. Name: 'Name'.
Message #
Fields #
| Name | Description |
|---|---|
Name UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62402,
"version": 0,
"level": 4,
"task": 62402,
"opcode": 0,
"keywords": 2305843043573497856,
"time_created": "2026-03-09T18:20:52.256168+00:00",
"event_record_id": 4619,
"correlation": {
"ActivityID": "FEE5CECA-D7C0-4D50-B57D-0A85ED531ABB"
},
"execution": {
"process_id": 7268,
"thread_id": 7952
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "LAB-WIN11",
"security": {
"user_id": "S-1-5-21-3407486967-1585450050-1838039599-1000"
}
},
"event_data": {
"Name": "ClearTemporaryWebDataAsyncSucceeded"
},
"message": ""
}
Event ID 62403 — CloudExperienceHost App Event 2.
Description
CloudExperienceHost App Event 2. Name: 'Name', Value: 'Value'.
Message #
Fields #
| Name | Description |
|---|---|
Name UnicodeString | — |
Value UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62403,
"version": 0,
"level": 4,
"task": 62403,
"opcode": 0,
"keywords": 2305843043573497856,
"time_created": "2026-03-09T18:20:52.876162+00:00",
"event_record_id": 4630,
"correlation": {
"ActivityID": "77230D5B-4D6A-43D1-90F6-F955540E96C3"
},
"execution": {
"process_id": 7268,
"thread_id": 7952
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "LAB-WIN11",
"security": {
"user_id": "S-1-5-21-3407486967-1585450050-1838039599-1000"
}
},
"event_data": {
"Name": "FirstWebAppVisible",
"Value": "Work"
},
"message": ""
}
Event ID 62404 — CloudExperienceHost Web App Activity started.
Description
CloudExperienceHost Web App Activity started. CXID: 'CXID'.
Message #
Fields #
| Name | Description |
|---|---|
CXID UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62404,
"version": 0,
"level": 4,
"task": 62404,
"opcode": 1,
"keywords": 2305843043573497856,
"time_created": "2026-03-09T18:21:07.739590+00:00",
"event_record_id": 4655,
"correlation": {
"ActivityID": "EB476454-99B3-4A1B-A3F5-F070716C4F29"
},
"execution": {
"process_id": 7268,
"thread_id": 7952
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "LAB-WIN11",
"security": {
"user_id": "S-1-5-21-3407486967-1585450050-1838039599-1000"
}
},
"event_data": {
"CXID": "MDMEnrollmentFinished"
},
"message": ""
}
Event ID 62405 — CloudExperienceHost Web App Activity stopped.
Description
CloudExperienceHost Web App Activity stopped. Result: 'Result'.
Message #
Fields #
| Name | Description |
|---|---|
Result UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62405,
"version": 0,
"level": 4,
"task": 62404,
"opcode": 2,
"keywords": 2305843043573497856,
"time_created": "2026-03-09T18:21:10.189010+00:00",
"event_record_id": 4666,
"correlation": {
"ActivityID": "DE4FD34D-5A8A-4230-80D6-9EDDABC9FB2C"
},
"execution": {
"process_id": 7268,
"thread_id": 7952
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "LAB-WIN11",
"security": {
"user_id": "S-1-5-21-3407486967-1585450050-1838039599-1000"
}
},
"event_data": {
"Result": "success"
},
"message": ""
}
Event ID 62406 — CloudExperienceHost Web App Event 1.
Event ID 62407 — CloudExperienceHost Web App Event 2.
Description
CloudExperienceHost Web App Event 2. Name: 'Name', Value: 'Value'.
Message #
Fields #
| Name | Description |
|---|---|
Name UnicodeString | — |
Value UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62407,
"version": 0,
"level": 4,
"task": 62407,
"opcode": 0,
"keywords": 2305843043573497856,
"time_created": "2026-03-09T18:21:10.188681+00:00",
"event_record_id": 4665,
"correlation": {
"ActivityID": "73C6F5B7-A06D-40B1-A1D3-C103166D9BF0"
},
"execution": {
"process_id": 7268,
"thread_id": 7952
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "LAB-WIN11",
"security": {
"user_id": "S-1-5-21-3407486967-1585450050-1838039599-1000"
}
},
"event_data": {
"Name": "Done",
"Value": "success"
},
"message": ""
}
Event ID 62408 — Started execution of command 'Command'.
Description
Started execution of command 'Command'.
Message #
Fields #
| Name | Description |
|---|---|
Command UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62408,
"version": 0,
"level": 4,
"task": 62408,
"opcode": 1,
"keywords": 2305878193652957184,
"time_created": "2026-02-10T01:03:05.779137+00:00",
"event_record_id": 1106,
"correlation": {},
"execution": {
"process_id": 5640,
"thread_id": 7848
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "LAB-WIN11",
"security": {
"user_id": "S-1-5-21-3407486967-1585450050-1838039599-1000"
}
},
"event_data": {
"Command": "msteams_autostarter.exe"
},
"message": ""
}
Event ID 62409 — Finished execution of command 'Command' (PID PID).
Description
Finished execution of command 'Command' (PID PID).
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
Command UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62409,
"version": 0,
"level": 4,
"task": 62408,
"opcode": 2,
"keywords": 2305878193652957184,
"time_created": "2026-02-10T01:03:06.583842+00:00",
"event_record_id": 1107,
"correlation": {},
"execution": {
"process_id": 5640,
"thread_id": 7848
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "LAB-WIN11",
"security": {
"user_id": "S-1-5-21-3407486967-1585450050-1838039599-1000"
}
},
"event_data": {
"PID": 9824,
"Command": "msteams_autostarter.exe"
},
"message": ""
}
Event ID 62420 — Looking for Restore Profiles
Description
Looking for Restore Profiles.
Message #
Event ID 62421 — Finished looking for Restore Profiles.
Event ID 62422 — Adding Profile.
Event ID 62423 — Set Restore Profile to Hardware Id: HardwareId.
Event ID 62440 — Hash mismatch detected for: ExtOrUriScheme.
Description
Hash mismatch detected for: ExtOrUriScheme. ProgId: ProgId. UserSid: UserSid. HashInRegistry: HashInRegistry. ComputedHash: ComputedHash. Date: SystemDatewYear : SystemDatewMonth: SystemDatewDayOfWeek : SystemDatewDay : SystemDatewHour : SystemDatewMinute.
Message #
Fields #
| Name | Description |
|---|---|
ExtOrUriScheme UnicodeString | — |
ProgId UnicodeString | — |
UserSid UnicodeString | — |
HashInRegistry UnicodeString | — |
ComputedHash UnicodeString | — |
SystemDatewYear UInt16 | — |
SystemDatewMonth UInt16 | — |
SystemDatewDayOfWeek UInt16 | — |
SystemDatewDay UInt16 | — |
SystemDatewHour UInt16 | — |
SystemDatewMinute UInt16 | — |
Event ID 62441 — User choice has been reset to prog id ProgId for ExtOrUriScheme.
Event ID 62442 — Upgraded to prog id ProgId from prog id CurrentDefaultProgId for ExtOrUriScheme.
Event ID 62443 — AppDefault Info: Info.
#Description
AppDefault Info: Info.
Message #
Fields #
| Name | Description |
|---|---|
Info UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62443,
"version": 0,
"level": 4,
"task": 62443,
"opcode": 0,
"keywords": 1152921504606846976,
"time_created": "2023-11-05T23:53:37.119797+00:00",
"event_record_id": 1084,
"correlation": {},
"execution": {
"process_id": 10860,
"thread_id": 10720
},
"channel": "Microsoft-Windows-Shell-Core/AppDefaults",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
}
},
"event_data": {
"Info": "AppDefaults-Logon-UserProfileLoaded"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 62444 — Missing Hash -- ProgId: ProgId FileExtOrUriScheme: ExtOrUriScheme.
Event ID 62445 — Migration Info: Info.
Event ID 62460 — OOBE Health Monitor.
#Description
OOBE Health Monitor. Version: DataVersion, Health flags: HealthStateFlags, Census flags: CensusFlags, Seconds since boot: SecondsSinceBoot, Image identifier: 'ImageIdentifier', Detailed info: 'TrackingInfo'.
Message #
Fields #
| Name | Description |
|---|---|
DataVersion Int32 | — |
HealthStateFlags UInt64 | — |
CensusFlags UInt64 | — |
SecondsSinceBoot UInt64 | — |
ImageIdentifier UnicodeString | — |
TrackingInfo UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Shell-Core",
"guid": "30336ED4-E327-447C-9DE0-51B652C86108",
"event_source_name": "",
"event_id": 62460,
"version": 0,
"level": 4,
"task": 62460,
"opcode": 0,
"keywords": 2305843146652712960,
"time_created": "2023-11-06T06:25:35.337008+00:00",
"event_record_id": 1692,
"correlation": {},
"execution": {
"process_id": 1424,
"thread_id": 1428
},
"channel": "Microsoft-Windows-Shell-Core/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"DataVersion": 14,
"HealthStateFlags": 0,
"CensusFlags": 14,
"SecondsSinceBoot": 59,
"ImageIdentifier": "",
"TrackingInfo": "{ 0; 1; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0; 0;}"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 63200 — Application calls obsolete Shell APIs.
Description
Application calls obsolete Shell APIs.