Microsoft-Windows-Store

9 events across 1 channel

Event ID	Title	Channel
8000	Process Name: %1 Module Name: %2 Build: %3.	Operational
8001	%1 Function: %2 Source: %3 (%4).	Operational
8002	%1 Function: %2 Source: %3 (%4).	Operational
8003	%1 Function: %2 Source: %3 (%4).	Operational
8010	%1: %2: %3: Enqueue: %4.	Operational
8011	%1: %2: %3: Dispatch: %4 => %5.	Operational
8012	%1: %2: %3 Change: %4 => %5.	Operational
8013	%1: %2: %3 Pumping: %4.	Operational
8014	%1: %2: %3: Done: %4.	Operational

Event ID 8000 — Process Name: %1 Module Name: %2 Build: %3.

Provider: Microsoft-Windows-Store
Channel: Operational
Level: 4
Samples: 1

Message

Process Name: %1
Module Name: %2
Build: %3

Fields

Name	Description
`Process Name`	—
`Module Name`	—
`Build Name`	—

Example Event

system:
  provider: Microsoft-Windows-Store
  guid: 9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0
  event_source_name: ''
  event_id: 8000
  version: 0
  level: 4
  task: 8000
  opcode: 0
  keywords: 9223389629040820224
  time_created: '2023-11-06T01:36:16.094176+00:00'
  event_record_id: 7989
  correlation:
    ActivityID: E4DB489E-1037-0003-584E-DBE43710DA01
  execution:
    process_id: 2960
    thread_id: 19760
  channel: Microsoft-Windows-Store/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  Process Name: C:\Windows\system32\sihost.exe
  Module Name: C:\Windows\SYSTEM32\licensemanagerapi.dll
  Build Name: 22621.1.amd64fre.ni_release.220506-1250
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 8001 — %1 Function: %2 Source: %3 (%4).

Provider: Microsoft-Windows-Store
Channel: Operational
Level: 4
Samples: 1

Message

%1
Function: %2
Source: %3 (%4)

Fields

Name	Description
`Message`	—
`Function`	—
`Source`	—
`Line Number`	—

Example Event

system:
  provider: Microsoft-Windows-Store
  guid: 9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0
  event_source_name: ''
  event_id: 8001
  version: 0
  level: 4
  task: 8001
  opcode: 14
  keywords: 9223389629040820224
  time_created: '2023-11-06T02:03:34.794538+00:00'
  event_record_id: 9090
  correlation: {}
  execution:
    process_id: 920
    thread_id: 12036
  channel: Microsoft-Windows-Store/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Message: 'Skipping license manager: PFN Microsoft.WindowsTerminal_1.18.2822.0_x64__8wekyb3d8bbwe'
  Function: InvokeLicenseManagerRequired
  Source: onecoreuap\enduser\winstore\licensemanager\apisethost\activationapis.cpp
  Line Number: 373
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 8002 — %1 Function: %2 Source: %3 (%4).

Provider: Microsoft-Windows-Store
Channel: Operational
Level: 3
Samples: 1

Message

%1
Function: %2
Source: %3 (%4)

Fields

Name	Description
`Message`	—
`Function`	—
`Source`	—
`Line Number`	—

Example Event

system:
  provider: Microsoft-Windows-Store
  guid: 9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0
  event_source_name: ''
  event_id: 8002
  version: 0
  level: 3
  task: 8001
  opcode: 13
  keywords: 9223389629040820224
  time_created: '2023-11-06T01:39:11.970850+00:00'
  event_record_id: 8246
  correlation: {}
  execution:
    process_id: 5720
    thread_id: 7736
  channel: Microsoft-Windows-Store/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-19
event_data:
  Message: 'ContentId: 32ad62fb-8c4f-bf5a-b766-338fbaed9953, Salt: none, Payload:
    none'
  Function: ApplicationLicenseManager::EnsureLicenseForApplicationDeployment
  Source: onecoreuap\enduser\winstore\licensemanager\lib\applicensemanager.cpp
  Line Number: 212
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 8003 — %1 Function: %2 Source: %3 (%4).

Provider: Microsoft-Windows-Store
Channel: Operational
Level: 2
Samples: 1

Message

%1
Function: %2
Source: %3 (%4)

Fields

Name	Description
`Message`	—
`Function`	—
`Source`	—
`Line Number`	—

Example Event

system:
  provider: Microsoft-Windows-Store
  guid: 9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0
  event_source_name: ''
  event_id: 8003
  version: 0
  level: 2
  task: 8001
  opcode: 12
  keywords: 9223389629040820224
  time_created: '2023-11-05T22:33:07.235782+00:00'
  event_record_id: 4662
  correlation: {}
  execution:
    process_id: 5720
    thread_id: 5840
  channel: Microsoft-Windows-Store/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-19
event_data:
  Message: 'Service Fault: status: 400 code: ContentIdNotInCatalog: description: The
    requested content id could not be found in the catalog. data: ["3ef3c5a0-3c55-7606-2218-d4fc8c9ec8fc"]
    (Corr: IwcXON2AV060v+du.2, Svr: ent-56c895c9b6-z8r8h), token broker error: 0x80070520,
    number of MSA tickets: 0, number of AAD tickets: 0'
  Function: LogServiceFault
  Source: onecoreuap\enduser\winstore\licensemanager\lib\telemetry.cpp
  Line Number: 134
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 8010 — %1: %2: %3: Enqueue: %4.

Provider: Microsoft-Windows-Store
Channel: Operational

Message

%1: %2: %3: Enqueue: %4

Fields

Name	Description
`StateMachine`	—
`ThreadID`	—
`StateMachineName`	—
`EventName`	—

Event ID 8011 — %1: %2: %3: Dispatch: %4 => %5.

Provider: Microsoft-Windows-Store
Channel: Operational
Level: 5
Samples: 1

Message

%1: %2: %3: Dispatch: %4 => %5

Fields

Name	Description
`State Machine`	—
`Thread ID`	—
`State Machine Name`	—
`Event Name`	—
`Current State`	—

Example Event

system:
  provider: Microsoft-Windows-Store
  guid: 9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0
  event_source_name: ''
  event_id: 8011
  version: 0
  level: 5
  task: 8002
  opcode: 16
  keywords: 9223407221226864640
  time_created: '2023-11-06T01:42:52.616891+00:00'
  event_record_id: 9027
  correlation: {}
  execution:
    process_id: 5720
    thread_id: 14172
  channel: Microsoft-Windows-Store/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-19
event_data:
  State Machine: '0x1c5318ec830'
  Thread ID: 14172
  State Machine Name: 32ad62fb-8c4f-bf5a-b766-338fbaed9953
  Event Name: Key:Unregistered
  Current State: Key:Initial
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 8012 — %1: %2: %3 Change: %4 => %5.

Provider: Microsoft-Windows-Store
Channel: Operational
Level: 5
Samples: 1

Message

%1: %2: %3 Change: %4 => %5

Fields

Name	Description
`State Machine`	—
`Thread ID`	—
`Current State`	—
`New State`	—
`State Machine Name`	—

Example Event

system:
  provider: Microsoft-Windows-Store
  guid: 9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0
  event_source_name: ''
  event_id: 8012
  version: 0
  level: 5
  task: 8002
  opcode: 17
  keywords: 9223407221226864640
  time_created: '2023-11-06T01:42:52.616895+00:00'
  event_record_id: 9028
  correlation: {}
  execution:
    process_id: 5720
    thread_id: 14172
  channel: Microsoft-Windows-Store/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-19
event_data:
  State Machine: '0x1c5318ec830'
  Thread ID: 14172
  Current State: Key:Initial
  New State: Key:Invalid
  State Machine Name: 32ad62fb-8c4f-bf5a-b766-338fbaed9953
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 8013 — %1: %2: %3 Pumping: %4.

Provider: Microsoft-Windows-Store
Channel: Operational

Message

%1: %2: %3 Pumping: %4

Fields

Name	Description
`StateMachine`	—
`ThreadID`	—
`StateMachineName`	—
`CurrentState`	—

Event ID 8014 — %1: %2: %3: Done: %4.

Provider: Microsoft-Windows-Store
Channel: Operational

Message

%1: %2: %3: Done: %4

Fields

Name	Description
`StateMachine`	—
`ThreadID`	—
`StateMachineName`	—
`CurrentState`	—