Microsoft-Windows-Store
9 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 8000 | Process Name: Process Name. | Operational |
| 8001 | Message Function: Function Source: Source (Line Number). | Operational |
| 8002 | Message Function: Function Source: Source (Line Number). | Operational |
| 8003 | Message Function: Function Source: Source (Line Number). | Operational |
| 8010 | StateMachine: ThreadID: StateMachineName: Enqueue: EventName. | Operational |
| 8011 | State Machine: Thread ID: State Machine Name: Dispatch: Event Name => Current … | Operational |
| 8012 | State Machine: Thread ID: Current State Change: New State => State Machine Name. | Operational |
| 8013 | StateMachine: ThreadID: StateMachineName Pumping: CurrentState. | Operational |
| 8014 | StateMachine: ThreadID: StateMachineName: Done: CurrentState. | Operational |
Event ID 8000 — Process Name: Process Name.
Description
Process Name: Process Name.
Message
Fields

| Name | Type | Description |
|---|---|---|
| Process Name | UnicodeString | — |
| Module Name | UnicodeString | — |
| Build Name | UnicodeString | — |
Example Event

```json
{
  "system": {
    "provider": "Microsoft-Windows-Store",
    "guid": "9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0",
    "event_source_name": "",
    "event_id": 8000,
    "version": 0,
    "level": 4,
    "task": 8000,
    "opcode": 0,
    "keywords": 9223389629040820224,
    "time_created": "2023-11-06T01:36:16.094176+00:00",
    "event_record_id": 7989,
    "correlation": {
      "ActivityID": "E4DB489E-1037-0003-584E-DBE43710DA01"
    },
    "execution": {
      "process_id": 2960,
      "thread_id": 19760
    },
    "channel": "Microsoft-Windows-Store/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
    }
  },
  "event_data": {
    "Process Name": "C:\\Windows\\system32\\sihost.exe",
    "Module Name": "C:\\Windows\\SYSTEM32\\licensemanagerapi.dll",
    "Build Name": "22621.1.amd64fre.ni_release.220506-1250"
  },
  "message": ""
}
```

References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 8001 — Message Function: Function Source: Source (Line Number).
Message
Fields

| Name | Type | Description |
|---|---|---|
| Message | UnicodeString | — |
| Function | AnsiString | — |
| Source | AnsiString | — |
| Line Number | UInt32 | — |
Example Event

```json
{
  "system": {
    "provider": "Microsoft-Windows-Store",
    "guid": "9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0",
    "event_source_name": "",
    "event_id": 8001,
    "version": 0,
    "level": 4,
    "task": 8001,
    "opcode": 14,
    "keywords": 9223389629040820224,
    "time_created": "2023-11-06T02:03:34.794538+00:00",
    "event_record_id": 9090,
    "correlation": {},
    "execution": {
      "process_id": 920,
      "thread_id": 12036
    },
    "channel": "Microsoft-Windows-Store/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Message": "Skipping license manager: PFN Microsoft.WindowsTerminal_1.18.2822.0_x64__8wekyb3d8bbwe",
    "Function": "InvokeLicenseManagerRequired",
    "Source": "onecoreuap\\enduser\\winstore\\licensemanager\\apisethost\\activationapis.cpp",
    "Line Number": 373
  },
  "message": ""
}
```

References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 8002 — Message Function: Function Source: Source (Line Number).
Message
Fields

| Name | Type | Description |
|---|---|---|
| Message | UnicodeString | — |
| Function | AnsiString | — |
| Source | AnsiString | — |
| Line Number | UInt32 | — |
Example Event

```json
{
  "system": {
    "provider": "Microsoft-Windows-Store",
    "guid": "9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0",
    "event_source_name": "",
    "event_id": 8002,
    "version": 0,
    "level": 3,
    "task": 8001,
    "opcode": 13,
    "keywords": 9223389629040820224,
    "time_created": "2023-11-06T01:39:11.970850+00:00",
    "event_record_id": 8246,
    "correlation": {},
    "execution": {
      "process_id": 5720,
      "thread_id": 7736
    },
    "channel": "Microsoft-Windows-Store/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "Message": "ContentId: 32ad62fb-8c4f-bf5a-b766-338fbaed9953, Salt: none, Payload: none",
    "Function": "ApplicationLicenseManager::EnsureLicenseForApplicationDeployment",
    "Source": "onecoreuap\\enduser\\winstore\\licensemanager\\lib\\applicensemanager.cpp",
    "Line Number": 212
  },
  "message": ""
}
```

References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 8003 — Message Function: Function Source: Source (Line Number).
Message
Fields

| Name | Type | Description |
|---|---|---|
| Message | UnicodeString | — |
| Function | AnsiString | — |
| Source | AnsiString | — |
| Line Number | UInt32 | — |
Example Event

```json
{
  "system": {
    "provider": "Microsoft-Windows-Store",
    "guid": "9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0",
    "event_source_name": "",
    "event_id": 8003,
    "version": 0,
    "level": 2,
    "task": 8001,
    "opcode": 12,
    "keywords": 9223389629040820224,
    "time_created": "2023-11-05T22:33:07.235782+00:00",
    "event_record_id": 4662,
    "correlation": {},
    "execution": {
      "process_id": 5720,
      "thread_id": 5840
    },
    "channel": "Microsoft-Windows-Store/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "Message": "Service Fault: status: 400 code: ContentIdNotInCatalog: description: The requested content id could not be found in the catalog. data: [\"3ef3c5a0-3c55-7606-2218-d4fc8c9ec8fc\"] (Corr: IwcXON2AV060v+du.2, Svr: ent-56c895c9b6-z8r8h), token broker error: 0x80070520, number of MSA tickets: 0, number of AAD tickets: 0",
    "Function": "LogServiceFault",
    "Source": "onecoreuap\\enduser\\winstore\\licensemanager\\lib\\telemetry.cpp",
    "Line Number": 134
  },
  "message": ""
}
```

References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 8010 — StateMachine: ThreadID: StateMachineName: Enqueue: EventName.
Event ID 8011 — State Machine: Thread ID: State Machine Name: Dispatch: Event Name => Current State.
Description
State Machine: Thread ID: State Machine Name: Dispatch: Event Name => Current State.
Message
Fields

| Name | Type | Description |
|---|---|---|
| State Machine | Pointer | — |
| Thread ID | UInt32 | — |
| State Machine Name | UnicodeString | — |
| Event Name | AnsiString | — |
| Current State | UnicodeString | — |
Example Event

```json
{
  "system": {
    "provider": "Microsoft-Windows-Store",
    "guid": "9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0",
    "event_source_name": "",
    "event_id": 8011,
    "version": 0,
    "level": 5,
    "task": 8002,
    "opcode": 16,
    "keywords": 9223407221226864640,
    "time_created": "2023-11-06T01:42:52.616891+00:00",
    "event_record_id": 9027,
    "correlation": {},
    "execution": {
      "process_id": 5720,
      "thread_id": 14172
    },
    "channel": "Microsoft-Windows-Store/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "State Machine": "0x1c5318ec830",
    "Thread ID": 14172,
    "State Machine Name": "32ad62fb-8c4f-bf5a-b766-338fbaed9953",
    "Event Name": "Key:Unregistered",
    "Current State": "Key:Initial"
  },
  "message": ""
}
```

References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 8012 — State Machine: Thread ID: Current State Change: New State => State Machine Name.
Description
State Machine: Thread ID: Current State Change: New State => State Machine Name.
Message
Fields

| Name | Type | Description |
|---|---|---|
| State Machine | Pointer | — |
| Thread ID | UInt32 | — |
| Current State | UnicodeString | — |
| New State | UnicodeString | — |
| State Machine Name | UnicodeString | — |
Example Event

```json
{
  "system": {
    "provider": "Microsoft-Windows-Store",
    "guid": "9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0",
    "event_source_name": "",
    "event_id": 8012,
    "version": 0,
    "level": 5,
    "task": 8002,
    "opcode": 17,
    "keywords": 9223407221226864640,
    "time_created": "2023-11-06T01:42:52.616895+00:00",
    "event_record_id": 9028,
    "correlation": {},
    "execution": {
      "process_id": 5720,
      "thread_id": 14172
    },
    "channel": "Microsoft-Windows-Store/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "State Machine": "0x1c5318ec830",
    "Thread ID": 14172,
    "Current State": "Key:Initial",
    "New State": "Key:Invalid",
    "State Machine Name": "32ad62fb-8c4f-bf5a-b766-338fbaed9953"
  },
  "message": ""
}
```

References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline