Elastic Windows Event Explorer


Publisher - Microsoft-Windows-PDC

Event ID 116

Message:

PDCV2 SetBrokeredPID- ClientId=%{ClientId}(%{TaskName}, %{SubTaskName})(activationHandle=%{ActivationHandle}) PID=%{BrokeredForPID}, expectedMax=%{ExpectedMaximumDuration}, activationCount=%{ActivationCount}, upCounter=%{ActivationsUpCounter}, activationDuration=%{ActivationDuration}, renewalUpcount=%{RenewalUpCounter}, status=%{Status}

Event Data:

# Name In Type
Out Type
1 ClientId win:UInt32 xs:unsignedInt
2 TaskNameLength win:UInt32 xs:unsignedInt
3 TaskName win:UnicodeString xs:string
4 SubTaskLength win:UInt32 xs:unsignedInt
5 SubTaskName win:UnicodeString xs:string
6 ExpectedMaximumDuration win:UInt32 xs:unsignedInt
7 ActivationCount win:UInt32 xs:unsignedInt
8 ActivationsUpCounter win:UInt32 xs:unsignedInt
9 ActivationDuration win:UInt64 xs:unsignedLong
10 RenewalUpCounter win:UInt32 xs:unsignedInt
11 BrokeredForPID win:UInt32 xs:unsignedInt
12 Status win:UInt32 xs:unsignedInt
13 ActivationHandle win:Pointer win:HexInt64
14 ModuleNameLength win:UInt32 xs:unsignedInt
15 ModuleName win:UnicodeString xs:string

Observed Windows Versions:

Version: 0

Fingerprint: TPETPH6AWAPCM