Elastic Windows Event Explorer


Publisher - Microsoft-Windows-DotNETRuntime

Event ID 149

Message:

ModuleID=%{ModuleID};
AssemblyID=%{AssemblyID};
ModuleFlags=%{ModuleFlags};ModuleILPath=%{Reserved1};
ModuleNativePath=%{ModuleILPath}

Event Data:

# Name In Type
Out Type
1 ModuleID win:UInt64 win:HexInt64
2 AssemblyID win:UInt64 win:HexInt64
3 ModuleFlags win:UInt32 xs:unsignedInt
4 Reserved1 win:UInt32 xs:unsignedInt
5 ModuleILPath win:UnicodeString xs:string
6 ModuleNativePath win:UnicodeString xs:string

Observed Windows Versions:

Version: 0

Fingerprint: 5YU4ZITWKKWHE