Elastic Windows Event Explorer


Publisher - Microsoft-Windows-PDC

Event ID 113

Message:

PDCV2 ClientDeactivated - ClientId=%{ClientId}(%{TaskName}, %{SubTaskName})(activationHandle=%{Status}) activationCount=%{ActivationCount}, upCounter=%{ActivationsUpCounter}, Status=%{ActivationDuration}

Event Data:

#   Name                  In Type            Out Type
1   ClientId              win:UInt32         xs:unsignedInt
2   TaskNameLength        win:UInt32         xs:unsignedInt
3   TaskName              win:UnicodeString  xs:string
4   SubTaskLength         win:UInt32         xs:unsignedInt
5   SubTaskName           win:UnicodeString  xs:string
6   ActivationCount       win:UInt32         xs:unsignedInt
7   ActivationsUpCounter  win:UInt32         xs:unsignedInt
8   ActivationDuration    win:UInt64         xs:unsignedLong
9   Status                win:UInt32         xs:unsignedInt
10  ActivationHandle      win:Pointer        win:HexInt64
11  PdcVersion            win:UInt32         xs:unsignedInt
12  ModuleNameLength      win:UInt32         xs:unsignedInt
13  ModuleName            win:UnicodeString  xs:string
14  BrokeredForPID        win:UInt32         xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: EZBETOZ5K44TK