Event ID 26 — Processor Number in group Group exposes the following: IdleStateCount idle state(s) PerfStateCount performance state(s) ThrottleStateCount throttle state(s).

Provider: Microsoft-Windows-Kernel-Processor-Power
Channel: System
Level: Informational
Task: Summary

Description

Processor in group exposes the following.

Message #

Processor %2 in group %1 exposes the following:

%3 idle state(s)
%4 performance state(s)
%5 throttle state(s)

Fields #

Name	Description
`Group` UInt16	—
`Number` UInt8	—
`IdleStateCount` UInt32	—
`PerfStateCount` UInt32	—
`ThrottleStateCount` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Kernel-Processor-Power",
    "guid": "0F67E49F-FE51-4E9F-B490-6F2948CC6027",
    "event_source_name": "",
    "event_id": 26,
    "version": 0,
    "level": 4,
    "task": 4,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2013-10-23T16:15:44.390626+00:00",
    "event_record_id": 25,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 52
    },
    "channel": "System",
    "computer": "37L4247D28-05",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Group": 0,
    "Number": 0,
    "IdleStateCount": 1,
    "PerfStateCount": 0,
    "ThrottleStateCount": 0
  },
  "message": "Hyper-V logical processor 0 exposes the following:\n\n1 idle state(s)\n0 performance state(s)\n0 throttle state(s)"
}

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx