Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WMI-Activity

Event ID 5857

Message:

%{ProviderName} provider started with result code %{Code}. HostProcess = %{HostProcess}; ProcessID = %{ProcessID}; ProviderPath = %{ProviderPath}

Event Data:

#  Name          In Type            Out Type
1  ProviderName  win:UnicodeString  xs:string
2  Code          win:HexInt32       win:HexInt32
3  HostProcess   win:UnicodeString  xs:string
4  ProcessID     win:UInt32         xs:unsignedInt
5  ProviderPath  win:UnicodeString  xs:string

Observed Windows Versions:

Version: 0

Fingerprint: 7GIO54ZAFP7CI