MessageIdVersionQualifiersLevelTaskOpcodeKeywordsRecordIdProviderNameProviderIdLogNameProcessIdThreadIdMachineNameUserIdTimeCreatedActivityIdRelatedActivityIdContainerLogMatchedQueryIdsBookmarkLevelDisplayNameOpcodeDisplayNameTaskDisplayNameKeywordsDisplayNamesProperties
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904854Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5245036hv-cinder-76019S-1-5-208/27/2021 11:31:46 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904853Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5245036hv-cinder-76019S-1-5-208/27/2021 11:29:45 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1148; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904852Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11483632hv-cinder-76019S-1-5-188/27/2021 11:28:02 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904851Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5241320hv-cinder-76019S-1-5-208/27/2021 11:28:01 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1E79330A-CA4A-424F-8314-BE6E9CE08FEC}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1407995606; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904850Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:27:33 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A85C5238-FAB9-4E4F-98FC-CA0EBCAA7FAE}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-e2497ad8-f27c-4594-85fb-ec952fe625bd"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904849Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:27:31 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {543146B2-5302-4A9E-B91C-B1AAF0298716}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-e2497ad8-f27c-4594-85fb-ec952fe625bd",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904848Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:27:31 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll585700004611686018427387904847Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39682612hv-cinder-76019S-1-5-198/27/2021 11:27:31 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %SystemRoot%\System32\storagewmi.dll585700004611686018427387904846Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5241320hv-cinder-76019S-1-5-208/27/2021 11:27:31 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904845Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5241320hv-cinder-76019S-1-5-208/27/2021 11:26:41 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904844Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5241320hv-cinder-76019S-1-5-208/27/2021 11:25:39 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4F3DB86B-4E6E-4D5E-B411-B4CEE99628B9}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1885902030; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904843Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6003988hv-cinder-76019S-1-5-188/27/2021 11:24:59 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll585700004611686018427387904842Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5241320hv-cinder-76019S-1-5-208/27/2021 11:24:59 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {08A1ED59-241C-4089-A813-0460491ACC7A}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-28568943-4a3d-4d6f-9bcf-5ec01982b596"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904841Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001344hv-cinder-76019S-1-5-188/27/2021 11:24:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BB90E5FD-EA4E-403D-BABA-24E4B26BA826}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-28568943-4a3d-4d6f-9bcf-5ec01982b596",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904840Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:24:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {12F69CB5-6534-4FFB-B234-47D301F87FCD}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{2809D53A-9CA2-49D5-9024-2A5FAE1EEE88}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904839Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:24:52 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {607E7F59-42BD-4942-8486-672E64A44BFB}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=29592238; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904838Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:24:51 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {432B02B3-D12F-4F05-BE43-CE1302155CEA}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-4e494c7f-e2b7-4882-8093-9bf0d2847bd3"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904837Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:24:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {842E0AD3-8A02-4660-8CE8-9BB30B30C0BF}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-4e494c7f-e2b7-4882-8093-9bf0d2847bd3",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904836Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:24:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3928; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll585700004611686018427387904835Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39283232hv-cinder-76019S-1-5-198/27/2021 11:24:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %SystemRoot%\System32\storagewmi.dll585700004611686018427387904834Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5241320hv-cinder-76019S-1-5-208/27/2021 11:24:49 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F49FD58F-9599-421B-9701-6D347BAA0948}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1676536153; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904833Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001344hv-cinder-76019S-1-5-188/27/2021 11:23:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FE9427C4-207D-409B-920D-C87623A0E8AD}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=873277531; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904832Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:23:54 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {AA87129C-13D0-4E16-BD8E-250BFD3F7C04}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1173522937; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904831Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:23:53 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7917D149-8CBA-4656-87B4-85EE104D4417}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{69CC7C20-7A77-4A1D-AB40-89B24EF2BCC2}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904830Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:23:52 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {EB6AB187-095E-40B8-B5FB-BB7F21DE7932}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2047012391; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904829Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:23:51 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {79D65EEC-7107-4EC6-A590-7729C4842FFA}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{DD1F1B16-7E4B-4285-9168-8F255BAE6188}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904828Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:23:49 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {30E46032-693D-4FC6-804B-4B70C8155197}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=350989828; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904827Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:23:48 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {973C6C7F-2EF9-4578-BE5B-2E34DCC0FC56}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=477608567; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904826Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:23:47 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FE636F27-2F23-48F0-8B97-B26FD60F13CA}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1198580924; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904825Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:23:37 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {55CF5BF2-59E4-4810-8CCF-293F69A158AA}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=142336537; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904824Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:23:36 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {E3EA1611-C768-4A3C-B58B-A4F2E6A57857}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-e396793c-806d-4426-89dd-c7b5c1a8259d"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904823Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:23:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {92578E1C-8204-4354-9E28-C8CF3401231E}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-e396793c-806d-4426-89dd-c7b5c1a8259d",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904822Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:23:20 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5DDFB397-05AE-486F-9E47-9E2A81CCC3B1}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{53684B85-781F-48E8-9E85-C08DBCF0CE90}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904821Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:23:18 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4EEA1B9C-98EB-4320-91BC-C4BC55E1403E}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{720BD745-61A5-4FA1-A384-79D14BB5D68F}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904820Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:23:17 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6B3FF073-D8AD-4ABF-971A-14668E655FAE}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{18A15230-FF1E-4D46-8D39-7BA6DBAC7DEA}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904819Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:23:16 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {05295AD2-4BF1-48CF-A70C-87A992549B37}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=735774902; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904818Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:22:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {76362BA8-FE69-4447-B8F1-A0B64B263AF6}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1125486595; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904817Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001344hv-cinder-76019S-1-5-188/27/2021 11:22:54 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D546E98A-3229-428C-AD59-A11CC30B3A5E}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=875147496; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904816Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:22:53 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {009C45A5-BE33-48A7-94C9-54C0E310EF33}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=766993214; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904815Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:22:41 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {DADB22A9-AD5E-4F5F-9652-AB8E86197C0C}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1679366035; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904814Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:22:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {E0A86A2B-78FD-48D2-8DA7-89A08C2CB047}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=527198373; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904813Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:22:39 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {EA2B2D80-863D-467E-B8DC-DAE8CB446D20}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1774210885; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904812Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:22:32 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {271239DA-9AED-4468-8D47-7D4DA58BB60D}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{5654EB25-0EAC-4DF4-A649-420A9460B403}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904811Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:22:32 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D5CEF910-2E6B-4C91-B9CB-045AB2AA903D}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{795A4968-D3DE-41BF-8674-2256F0F88552}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904810Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:22:31 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {28963A1A-B7ED-4792-BD62-8B1E316B6513}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=827424531; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904809Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:22:31 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {E31FD6DA-584F-4D87-8217-CE53C30935DB}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{9A40DC8A-355A-404A-B00E-9253B0D9BB72}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904808Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:22:15 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {479FBDB7-4983-4D6E-8939-A9AD653CFE85}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-51662c15-65ca-4f68-9cf8-aa2ce73ae553"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904807Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:22:15 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {92AF6E6A-FEFE-4131-9DFC-0F822A6E88D2}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-51662c15-65ca-4f68-9cf8-aa2ce73ae553",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904806Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:22:13 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00BCD6D1-22E9-4173-9FC3-296B698AC8D6}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=177888648; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904805Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:22:13 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {B9C82482-DE04-4122-B8BD-17E8F7EB4EFE}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{242FB33A-5CB1-4867-A0C7-7BBB921CB114}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904804Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:22:05 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5FE89574-AF37-4A51-87E0-42C730FCC70E}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{041B13D7-2091-4918-B47F-7D51775D6193}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904803Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:22:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {3D03F41B-CB41-4795-A529-81AE5673BC52}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{84072BC2-B102-416C-87F9-A30684A64488}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904802Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:22:02 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {2D7E93D5-5253-4EF2-8D91-EDF0DB5171AB}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1080388630; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904801Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6003988hv-cinder-76019S-1-5-188/27/2021 11:21:24 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %SystemRoot%\System32\storagewmi.dll585700004611686018427387904800Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5241320hv-cinder-76019S-1-5-208/27/2021 11:21:23 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {89DE4499-E8A3-419D-96AB-CBEA6CCB9842}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1478694135; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904799Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:21:10 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5FC90C17-85B0-42A1-A9EC-37C6368CDDEC}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=190085496; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904798Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:20:39 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {2A8DE332-3B8B-48B0-B4A2-2727C4398751}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=153457735; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904797Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:20:37 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4B8C6F33-6E78-4E2C-9BC5-39F31D7351BE}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2018690688; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904796Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:20:36 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {0A19F4CC-4114-4EF2-A0A3-76FBE9B3B0D8}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=250360235; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904795Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:20:36 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {B4523FD2-FD2B-4718-9A26-3FDB4CEAECDF}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1409363658; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904794Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002948hv-cinder-76019S-1-5-188/27/2021 11:20:24 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5BD0A467-6CC8-4D65-A819-2FEFAD0A77C9}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=657244633; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904793Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001076hv-cinder-76019S-1-5-188/27/2021 11:20:18 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {DC1AE129-49FD-4979-B7FE-7E2ACA339E59}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=149981239; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904792Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002948hv-cinder-76019S-1-5-188/27/2021 11:20:17 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F64A7514-A274-4137-B903-AC2A66321D45}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{63249333-B0A1-4752-9412-FBEFD34F1276}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904791Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001076hv-cinder-76019S-1-5-188/27/2021 11:20:16 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D755B8A6-7B43-4E9E-B242-36E9C14C09EC}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1416111896; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904790Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:20:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A9B5E0B9-8F5C-4295-AD55-A3A4666C3BD9}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1088835137; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904789Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:19:59 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {40E03272-3C29-4B88-B418-6CC7427F1AC3}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1404015304; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904788Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:19:58 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {27F6371B-64F7-4D0E-BBCE-DB49B03A2EE9}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{5458305B-4A68-4AC9-8413-D82CC87FC1AD}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904787Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002948hv-cinder-76019S-1-5-188/27/2021 11:19:57 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {3EA8E080-2030-4469-AEEB-FAC80718A7DF}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{A719755B-37BB-4247-9819-83305DA6CC8E}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904786Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:19:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C6FCC03E-B8F5-4DDC-8EFC-570C03BE3B16}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{27C73B7D-FE57-46B9-95AB-12F4A1EFE00D}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904785Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002948hv-cinder-76019S-1-5-188/27/2021 11:19:47 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {77EC62F0-A970-45AB-B2A7-6FD216237DD5}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{3A812620-A0BC-4CF7-9894-1BC61E3C60BC}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904784Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001076hv-cinder-76019S-1-5-188/27/2021 11:19:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {3A0318EC-2388-4F6A-96E7-9BDC989EF304}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=745941321; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904783Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001076hv-cinder-76019S-1-5-188/27/2021 11:19:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CAAD8D9D-BB7D-437F-98D2-22742020E58D}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=652059373; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904782Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001076hv-cinder-76019S-1-5-188/27/2021 11:19:35 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1E9D2B46-E1D6-49F5-8113-0D002395739D}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{3B293934-A35B-4A13-9DFE-65ECE5916259}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904781Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6003988hv-cinder-76019S-1-5-188/27/2021 11:19:33 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {88329335-8530-4534-83DA-BD078ACA83C5}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1245516547; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904780Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6003988hv-cinder-76019S-1-5-188/27/2021 11:19:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D50C9EE4-A27A-445A-8AD7-00E165C66B0C}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1319009308; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904779Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:19:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {DC1C8B6E-AD7E-47BE-87E6-C7B1860741B8}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=627241486; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904778Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:18:59 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D7B9FE36-3755-4847-B36F-E3DF67FFD7FB}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1033354864; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904777Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002948hv-cinder-76019S-1-5-188/27/2021 11:18:44 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1A1AEE5E-931D-47CE-B2AE-64F5E890F533}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=360270983; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904776Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002948hv-cinder-76019S-1-5-188/27/2021 11:18:42 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F15EC6A4-C83D-4858-A3C0-A35E88C77A52}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2035460948; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904775Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001120hv-cinder-76019S-1-5-188/27/2021 11:18:41 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CCE225BF-76EA-4069-881D-9E6AB3D0D2A0}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-c4cbb174-a503-413a-9f0a-71c7874d3df7"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904774Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002948hv-cinder-76019S-1-5-188/27/2021 11:18:31 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D792D0EE-597F-4CBD-A21A-333C250AFE82}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-c4cbb174-a503-413a-9f0a-71c7874d3df7",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904773Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002948hv-cinder-76019S-1-5-188/27/2021 11:18:31 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {B57A6606-DFB4-4298-BCAE-F0EFE31D273B}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-6195ff51-873d-4056-afe4-eafc87f09fd2"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904772Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:18:29 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {752461D0-6296-4957-BE30-B8A1EF535879}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-6195ff51-873d-4056-afe4-eafc87f09fd2",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904771Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:18:29 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {908BB68D-4FC8-4206-8D59-14D65DCA5AFD}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-28568943-4a3d-4d6f-9bcf-5ec01982b596"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904770Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:18:17 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {836D8D9B-99C2-4374-9B22-74F6321D4AA6}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-28568943-4a3d-4d6f-9bcf-5ec01982b596",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904769Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:18:17 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9A3F8D46-BB03-41A0-B393-308B02723393}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1547733922; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904768Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001120hv-cinder-76019S-1-5-188/27/2021 11:18:17 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A0EFC62E-90E4-4066-B870-493D154E4794}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-a529dc7e-627c-427f-9fc5-ddc8f42ff472"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904767Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001120hv-cinder-76019S-1-5-188/27/2021 11:18:16 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CD7BA935-B336-4F1B-A456-793D96EC4FA2}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-a529dc7e-627c-427f-9fc5-ddc8f42ff472",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904766Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:18:16 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %SystemRoot%\System32\storagewmi.dll585700004611686018427387904765Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5241320hv-cinder-76019S-1-5-208/27/2021 11:17:55 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll585700004611686018427387904764Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5241320hv-cinder-76019S-1-5-208/27/2021 11:17:53 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3928; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll585700004611686018427387904763Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39283232hv-cinder-76019S-1-5-198/27/2021 11:17:53 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll585700004611686018427387904762Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5241320hv-cinder-76019S-1-5-208/27/2021 11:17:13 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3928; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll585700004611686018427387904761Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39283232hv-cinder-76019S-1-5-198/27/2021 11:17:12 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {2E1F0EF9-5EA0-4853-8B3B-91E349619F00}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1918003644; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904760Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:16:16 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {E314A288-9AAF-4D1A-AC34-5099B9727CF6}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1174188344; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904759Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:16:16 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A4D6073C-F4B3-4215-949E-954048B63DC9}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=961597078; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904758Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:16:15 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CDF1F30C-B135-43CF-9835-31C163188941}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{475CDF16-F1BA-4DB0-912D-1C3166AAEB12}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904757Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:16:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D881C7D5-70ED-40A2-87B2-639E5DDBB752}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{B11A541C-6126-4B65-ACD2-D4492C4962EC}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904756Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:16:13 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {82ADEC69-D06D-4DA6-A168-24A18F1101E1}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-a529dc7e-627c-427f-9fc5-ddc8f42ff472"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904755Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:16:07 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7B441A4C-FA8F-4E5A-A170-AB3853F810E8}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-a529dc7e-627c-427f-9fc5-ddc8f42ff472",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904754Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:16:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {28AE09A9-7511-4A4C-888F-CD81E8E658AC}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1986741427; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904753Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:15:53 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F6D815C9-1A03-4439-BB2F-19432D8ADFF1}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1040281540; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904752Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:15:52 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F78B8269-33F6-4672-AE55-A1E9B0820D97}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1438001882; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904751Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:15:51 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4085D1DD-E743-4F91-A247-56DB0947D515}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1324462197; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904750Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001076hv-cinder-76019S-1-5-188/27/2021 11:15:08 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5AB31F3D-8E62-41B2-8B66-F6BB44894DF6}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=97812060; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904749Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:15:07 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {85278BEB-393B-458C-A6AD-B9A03BECB6F3}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-316bfe9b-93ec-4488-98dc-c50561457ae6"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904748Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:15:04 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8EF4BDED-D93E-4811-A9D0-DEC8980768AA}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-316bfe9b-93ec-4488-98dc-c50561457ae6",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904747Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:15:04 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {151D9DF9-D47A-4574-A2DD-4DE84105D8E4}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{C94C5E5D-F77E-4A3C-A300-161ED483AFA7}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904746Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:15:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8765C65E-3EDB-43DD-8B26-358EAABB6F36}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=644758167; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904745Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:15:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8B152931-21A8-4CA9-A7CE-896CBEC569C3}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1915003402; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904744Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:15:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {83BB51A0-46ED-48F7-BBA2-803EDDAE2EE9}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2010003998; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904743Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:14:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BD1579FA-4D16-4F4E-BFBC-9DCAB39CEB21}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1379285100; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904742Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001344hv-cinder-76019S-1-5-188/27/2021 11:14:54 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {07E3CE69-2965-4B78-BB2D-230C59B934EB}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=533234581; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904741Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:14:52 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1DC4D7DC-973B-45AB-8DA5-375F2892A79C}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1350779030; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904740Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:14:45 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00908398-43D1-4F26-8622-4ED0E7622413}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1901429979; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904739Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:14:44 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8F3D3B72-D1E4-4BAA-A514-6D0664F0BA7D}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{51310203-6CEE-48AF-AB50-4605849EC9C3}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904738Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:14:43 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {EA66096E-048D-4D3B-805B-6ADBE30B1E3B}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1316225211; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904737Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:14:41 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {344AD547-61DE-436B-8318-EE95B0426103}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1003564420; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904736Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:14:30 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A61FC72F-BD39-44DE-BDCC-9D24B20AD721}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=191767496; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904735Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:14:29 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {E24C240C-ACE3-42FE-99AD-B4BA6AD5FB62}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{ECE25334-994D-4EE6-AA1F-5AA0D4BF66DB}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904734Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:14:28 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {EBDC3902-76E6-4C9E-B2BA-A73CA31D353B}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{12381F57-54F2-49C9-9919-83765EC8A87C}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904733Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:14:28 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {40B70107-54F0-4E8A-9E0B-2DC03B822284}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-fb51d9eb-81d1-4fc1-8403-bfc898237921"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904732Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:14:20 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8DB4B80C-F54A-4394-AF66-70B165DE68EE}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-fb51d9eb-81d1-4fc1-8403-bfc898237921",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904731Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:14:20 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D27FEC7-580E-4E7A-AA8B-09018C9F940E}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3244; Component = Unknown; Operation = Start IWbemServices::GetObject - root\virtualization\v2 : \\.\ROOT\virtualization\v2:Msvm_VirtualSystemSettingData.InstanceID="Microsoft:18082E5D-0E1D-46E8-BDC0-FFECBF0BA708"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904730Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:13:53 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8499B4F4-4320-4389-8019-E0E611456D94}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1858400887; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904729Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:13:48 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {EBF69ED4-8ADD-4FE8-90C5-54B9385392F8}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1567467222; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904728Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:13:47 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BE25839E-D3C9-4B27-A4C9-8F77852BC7F7}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=343514210; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904727Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:13:46 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D2E1969B-0A7A-4EC9-93E1-94AE7996A7F5}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-47c0a9cd-47f4-4d3b-9c57-c0ea73d91ef5"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904726Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:13:45 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {80CA39B7-9400-4496-BE42-EFF9D7EA57E6}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-47c0a9cd-47f4-4d3b-9c57-c0ea73d91ef5",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904725Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:13:45 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8A9FB3E8-2C59-49FF-AFA8-48887D1BB921}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1636894543; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904724Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:13:44 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {97ED6F4A-D6B9-46F9-9278-BE3EBB47499C}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1643979575; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904723Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:13:43 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6BF23187-C434-42FB-82A1-6FDC846529FE}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1416092418; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904722Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:13:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7B3E7555-A9EA-4F96-B68C-D2EFA8D77657}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{1F80A719-3D41-415C-A7E7-BEA69E059510}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904721Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600876hv-cinder-76019S-1-5-188/27/2021 11:13:38 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {37BB3D77-7E9E-4403-9F68-AA889E8C36D9}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{221F7ED9-2A07-4D07-A38F-CCAC6C4AD4E7}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904720Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:13:38 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A893D8EC-C2AB-4A27-851A-0E684DF9229C}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{5DF255CC-5DC6-4112-AD5C-9BFF1944C4F9}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904719Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:13:36 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F49C990E-CDA1-445E-A317-69B2813F0973}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1290085581; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904718Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002948hv-cinder-76019S-1-5-188/27/2021 11:13:28 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C2C37D7B-F880-4975-B8AF-9B921A64D80C}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=622195227; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904717Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001076hv-cinder-76019S-1-5-188/27/2021 11:13:04 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {0E1462CC-FDD9-4B9C-A897-58AD1E664E9D}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{A945B976-BEF0-47B4-8AAD-741FA64C5600}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904716Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 11:13:00 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {856EFACD-AAD7-4FA6-94BF-D4CD2AB8EC8A}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1130170867; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904715Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002948hv-cinder-76019S-1-5-188/27/2021 11:12:55 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll585700004611686018427387904714Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5245036hv-cinder-76019S-1-5-208/27/2021 11:12:42 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {53C73AFF-0618-4AC9-B6CF-AB1626BD6C72}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=359160206; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904713Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001068hv-cinder-76019S-1-5-188/27/2021 11:12:39 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7D1ABF54-C84A-4E81-A98E-211B82F3B798}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2125469910; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904712Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:12:32 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {0531FF1C-8285-4607-AB00-DD46240161A2}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1433941529; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904711Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:12:24 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {648D965E-AF5E-469C-BF05-47A4E2E43951}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-9aada47b-42fb-432a-8e5d-6a5095a8f689"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904710Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:12:23 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D27FAA67-615B-4ED8-BC1B-DA4E002B8585}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-9aada47b-42fb-432a-8e5d-6a5095a8f689",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904709Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001068hv-cinder-76019S-1-5-188/27/2021 11:12:23 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {DABA1FDE-C35D-401E-B7A1-C9A1AD16C11B}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3244; Component = Unknown; Operation = Start IWbemServices::GetObject - root\virtualization\v2 : \\.\ROOT\virtualization\v2:Msvm_VirtualSystemSettingData.InstanceID="Microsoft:74ED10FF-5288-420F-B5CC-4E1C2138F930"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904708Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001068hv-cinder-76019S-1-5-188/27/2021 11:11:53 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {3175CFA9-2AD9-4207-A648-5DE88B69EFA4}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-864b146c-5061-4f0a-bbb1-871b43012ab0"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904707Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:11:39 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FBD83A2D-819C-4B2C-BBF3-A7992AE7E27A}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-864b146c-5061-4f0a-bbb1-871b43012ab0",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904706Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001120hv-cinder-76019S-1-5-188/27/2021 11:11:39 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {43F6259B-F2C5-453E-A504-59DF7F720261}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1158671280; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904705Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:11:18 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {E3147529-F9EB-4304-9A3D-5DCE66E5E70B}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=249539924; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904704Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002604hv-cinder-76019S-1-5-188/27/2021 11:11:18 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F6A03720-9B40-4611-BDFC-3C79B6479EBF}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1914466603; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904703Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001120hv-cinder-76019S-1-5-188/27/2021 11:11:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {60CD8EC1-4DF4-464D-B54C-7972F78C6CD4}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-ab44ea94-ef5a-4107-b439-262fbd955464"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904702Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001120hv-cinder-76019S-1-5-188/27/2021 11:11:05 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {77CA8848-2B54-4D7C-AE0B-57A3650F10E9}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-ab44ea94-ef5a-4107-b439-262fbd955464",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904701Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:11:05 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {E807FBA8-8003-48FA-BCB7-30E8E1619F75}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=52668931; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904700Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001120hv-cinder-76019S-1-5-188/27/2021 11:11:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FAA4AEDC-D2BC-47E9-AB09-A38458796AC2}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1709577861; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904699Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:10:58 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FE6D0C-588F-44C5-BF35-68263D61B1B4}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=536312262; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904698Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:10:54 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1FF12CB2-E601-4149-A5EB-75985483217F}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=332092535; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904697Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001120hv-cinder-76019S-1-5-188/27/2021 11:10:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {16ADE13B-F391-4E4B-8A4D-64A4E8809512}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1839657195; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904696Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:10:49 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {32355BCD-DD6D-47F7-9CBA-4F8A8A77CF4F}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=154128421; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904695Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:10:47 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {EB6A2C46-6682-4FD1-B62F-578028E5D290}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=823298371; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904694Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004984hv-cinder-76019S-1-5-188/27/2021 11:10:46 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BD60FBCA-B96D-47EC-919C-71F8D7D968AA}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-3680641d-d200-4f54-8745-2248c4062dcd"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904693Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001120hv-cinder-76019S-1-5-188/27/2021 11:10:46 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {DD20747B-1273-4068-8FD3-44473BCC3D5D}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-3680641d-d200-4f54-8745-2248c4062dcd",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-76019"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904692Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001120hv-cinder-76019S-1-5-188/27/2021 11:10:46 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9576DC60-CDC8-4EB9-94AA-580CA6755DB0}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{E9CFD70A-D252-4B9A-B44D-74FA1E90ED08}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904691Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004984hv-cinder-76019S-1-5-188/27/2021 11:10:45 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1E13A461-DA83-4318-81EC-5A171820E410}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=912994606; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904690Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:10:32 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {68540413-DC61-4444-B048-C7302D1CA633}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1015811557; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904689Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:10:32 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {3CCF8D0B-FC7E-4304-8D8F-1E747D83E6B5}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1801740289; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904688Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:10:29 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8BC8471B-90D8-4ACB-9B08-CB2DDF1F7B0E}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{A0644373-B806-47B4-8CCB-EE7C4681D69C}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904687Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6005084hv-cinder-76019S-1-5-188/27/2021 11:10:29 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {04BEB09A-D634-4EB7-AD8A-20EDE231E794}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{1766C23C-EF2C-4B31-99BA-0CBB58BACB5A}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904686Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:10:29 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4202EEF4-CCDF-4611-8C01-DC6913937961}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1001746345; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904685Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:10:28 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %SystemRoot%\System32\storagewmi.dll585700004611686018427387904684Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5245036hv-cinder-76019S-1-5-208/27/2021 11:10:28 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {97923558-4968-41E9-902A-2DB5EF7A92EF}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=760173565; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904683Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001068hv-cinder-76019S-1-5-188/27/2021 11:10:27 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5E80CA7-2B13-407C-890B-776AA600F622}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{D6C72278-0AFC-4D3B-B22A-1F4158F3C5F0}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904682Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001068hv-cinder-76019S-1-5-188/27/2021 11:10:26 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7DA6DF91-E0C0-46AB-934C-6D8306904D25}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=569926834; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904681Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:10:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BA72BFDD-FE30-4DB3-AB0D-08D37A0F354A}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=671389429; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904680Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004984hv-cinder-76019S-1-5-188/27/2021 11:10:00 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5B10325F-083B-4315-A6EF-3CB68E2EA7E9}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1870250064; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904679Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:09:59 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {35B2832A-45FF-42E5-8B68-EA8E4A5CA691}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1139791919; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904678Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002312hv-cinder-76019S-1-5-188/27/2021 11:09:57 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1FC95890-E005-4245-8259-408DFFD184FF}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{887F35CE-10C9-4890-BC16-2E39B2098491}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904677Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:09:55 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {64CDD388-487D-4953-BA4E-E14E5030A61E}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1184660160; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904676Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004984hv-cinder-76019S-1-5-188/27/2021 11:09:55 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BDF7ABBE-A95E-4CED-A258-094CE88CA63B}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1965070197; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904675Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:09:55 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {45C6CC0A-180F-4FCD-B8A6-DBCDB4DB6534}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1118377796; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904674Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004296hv-cinder-76019S-1-5-188/27/2021 11:09:55 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {0D478D1A-3BDD-44C9-AFDE-37E548C8CD30}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{09D64B6A-097B-42A4-A8F0-537EA4A2768D}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904673Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001076hv-cinder-76019S-1-5-188/27/2021 11:09:49 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8D320B81-DABF-4B43-B3E8-CE50E285F384}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=184739072; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904672Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:09:46 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {54FF9394-A0BB-4DE6-AFF1-F12181125A43}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1266804509; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904671Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004728hv-cinder-76019S-1-5-188/27/2021 11:09:44 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9A052C42-4B63-40B0-A502-74198AC17B72}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=189089991; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904670Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004984hv-cinder-76019S-1-5-188/27/2021 11:09:32 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {AAE4161E-85E2-452A-8125-50722583D036}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1620; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{BC35A0FC-5B7C-4B36-ABBE-A00A177C6DCA}"; ResultCode = 0x80041024; PossibleCause = Unknown585802004611686018427387904669Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6004984hv-cinder-76019S-1-5-188/27/2021 11:09:30 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll585700004611686018427387904668Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5245036hv-cinder-76019S-1-5-208/27/2021 11:09:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904667Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5245036hv-cinder-76019S-1-5-208/27/2021 11:09:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3928; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll585700004611686018427387904666Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39283232hv-cinder-76019S-1-5-198/27/2021 11:09:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2300; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904665Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational23003804hv-cinder-76019S-1-5-188/27/2021 11:07:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904664Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5243640hv-cinder-76019S-1-5-208/27/2021 11:07:55 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_SyntheticEthernetPortSettingData' ; UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 1932, ClientMachine = HV-CINDER-76019; PossibleCause = Temporary586000004611686018427387904663Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600368hv-cinder-76019S-1-5-188/27/2021 11:07:29 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_SyntheticEthernetPortSettingData' ; UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 1932, ClientMachine = HV-CINDER-76019; PossibleCause = Temporary586000004611686018427387904662Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600368hv-cinder-76019S-1-5-188/27/2021 11:07:29 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT EnabledState, TargetInstance FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Msvm_ComputerSystem' AND TargetInstance.EnabledState != PreviousInstance.EnabledState AND (TargetInstance.EnabledState = '2' OR TargetInstance.EnabledState = '3' OR TargetInstance.EnabledState = '32768' OR TargetInstance.EnabledState = '32769'); UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 3244, ClientMachine = HV-CINDER-76019; PossibleCause = Temporary586000004611686018427387904661Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600368hv-cinder-76019S-1-5-188/27/2021 11:07:25 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4316; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll585700004611686018427387904660Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational43164864hv-cinder-76019S-1-5-198/27/2021 11:07:25 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1868; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904659Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational18685020hv-cinder-76019S-1-5-188/27/2021 11:07:24 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll585700004611686018427387904658Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5243640hv-cinder-76019S-1-5-208/27/2021 11:07:10 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2300; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904657Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational23003804hv-cinder-76019S-1-5-188/27/2021 11:07:00 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904656Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5243640hv-cinder-76019S-1-5-208/27/2021 11:07:00 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 524; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904655Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5243640hv-cinder-76019S-1-5-208/27/2021 11:07:00 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4500; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904654Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational45004340hv-cinder-76019S-1-5-188/27/2021 10:43:07 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4792; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904653Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational47921148hv-cinder-76019S-1-5-208/27/2021 10:42:07 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4792; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll585700004611686018427387904652Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational47924288hv-cinder-76019S-1-5-208/27/2021 10:42:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4792; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904651Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational47921148hv-cinder-76019S-1-5-208/27/2021 10:42:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\msiprov.dll585700004611686018427387904650Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723812hv-cinder-76019S-1-5-188/27/2021 10:23:59 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4760; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904649Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational47604140hv-cinder-76019S-1-5-208/27/2021 10:22:10 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5140C672-9B91-0001-F5C8-4051919BD701}; ClientMachine = HV-CINDER-76019; User = HV-CINDER-76019\Admin; ClientProcessId = 2228; Component = Core; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x800706BE; PossibleCause = Could not send status to client585802004611686018427387904648Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001896hv-cinder-76019S-1-5-188/27/2021 10:20:12 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5140C672-9B91-0001-F5C8-4051919BD701}; ClientMachine = HV-CINDER-76019; User = HV-CINDER-76019\Admin; ClientProcessId = 2228; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904647Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600100hv-cinder-76019S-1-5-188/27/2021 10:20:12 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5140C672-9B91-0001-F5C8-4051919BD701}; ClientMachine = HV-CINDER-76019; User = HV-CINDER-76019\Admin; ClientProcessId = 2228; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceModificationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904646Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600100hv-cinder-76019S-1-5-188/27/2021 10:20:10 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; UserName = HV-CINDER-76019\Admin; ClientProcessID = 2228, ClientMachine = HV-CINDER-76019; PossibleCause = Temporary586000004611686018427387904645Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600100hv-cinder-76019S-1-5-188/27/2021 10:20:10 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceModificationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; UserName = HV-CINDER-76019\Admin; ClientProcessID = 2228, ClientMachine = HV-CINDER-76019; PossibleCause = Temporary586000004611686018427387904644Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational600100hv-cinder-76019S-1-5-188/27/2021 10:20:10 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1364; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904643Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational13641320hv-cinder-76019S-1-5-198/27/2021 10:20:10 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2568; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904642Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25682688hv-cinder-76019S-1-5-208/27/2021 10:20:08 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSiSCSITargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = C:\windows\system32\wbem\SmIscsiTargetProv.dll585700004611686018427387904641Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39683220hv-cinder-76019S-1-5-208/27/2021 10:20:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 664; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll585700004611686018427387904640Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6643380hv-cinder-76019S-1-5-198/27/2021 10:20:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904639Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723812hv-cinder-76019S-1-5-188/27/2021 10:20:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSiSCSITargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = C:\windows\system32\wbem\SmIscsiTargetProv.dll585700004611686018427387904638Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39681156hv-cinder-76019S-1-5-208/27/2021 10:20:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1724; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904637Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6003004hv-cinder-76019S-1-5-188/27/2021 10:20:04 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2568; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll585700004611686018427387904636Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25682688hv-cinder-76019S-1-5-208/27/2021 10:19:54 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
wfascim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2568; ProviderPath = %systemroot%\system32\wbem\wfascim.dll585700004611686018427387904635Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25682840hv-cinder-76019S-1-5-208/27/2021 10:19:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3988; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904634Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39883944hv-cinder-76019S-1-5-188/27/2021 10:19:18 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2568; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904633Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25682688hv-cinder-76019S-1-5-208/27/2021 10:19:17 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1436; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100C; PossibleCause = Unknown585802004611686018427387904632Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002520hv-cinder-76019S-1-5-188/27/2021 10:18:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1436; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100C; PossibleCause = Unknown585802004611686018427387904631Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002520hv-cinder-76019S-1-5-188/27/2021 10:18:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
wmiprov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904630Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723812hv-cinder-76019S-1-5-188/27/2021 10:18:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = HV-CINDER-76019\cloudbase-init; ClientProcessId = 2192; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT RemainingWindowsReArmCount, KeyManagementServiceListeningPort, KeyManagementServiceDnsPublishing, KeyManagementServiceLowPriority, ClientMachineId, KeyManagementServiceHostCaching, Version FROM SoftwareLicensingService; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904629Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001972hv-cinder-76019S-1-5-188/27/2021 10:18:46 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
SppProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2568; ProviderPath = %SystemRoot%\System32\sppwmi.dll585700004611686018427387904628Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25682688hv-cinder-76019S-1-5-208/27/2021 10:18:46 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904627Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001928hv-cinder-76019S-1-5-188/27/2021 10:18:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904626Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001928hv-cinder-76019S-1-5-188/27/2021 10:18:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904625Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001928hv-cinder-76019S-1-5-188/27/2021 10:18:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2568; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll585700004611686018427387904624Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25682840hv-cinder-76019S-1-5-208/27/2021 10:18:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904623Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001928hv-cinder-76019S-1-5-188/27/2021 10:18:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904622Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 10:18:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904621Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 10:18:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904620Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001972hv-cinder-76019S-1-5-188/27/2021 10:18:21 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904619Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 10:18:20 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904618Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 10:18:20 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904617Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002316hv-cinder-76019S-1-5-188/27/2021 10:18:20 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2568; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll585700004611686018427387904616Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25682840hv-cinder-76019S-1-5-208/27/2021 10:18:20 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904615Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001972hv-cinder-76019S-1-5-188/27/2021 10:18:19 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\CIMV2 : SELECT SMBIOSAssetTag FROM Win32_SystemEnclosure ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904614Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001928hv-cinder-76019S-1-5-188/27/2021 10:18:19 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3168; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904613Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6001972hv-cinder-76019S-1-5-188/27/2021 10:18:19 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3988; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904612Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39883680hv-cinder-76019S-1-5-188/27/2021 10:18:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2568; ProviderPath = %windir%\system32\wbem\servercompprov.dll585700004611686018427387904611Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25682688hv-cinder-76019S-1-5-208/27/2021 10:18:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904610Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904609Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904608Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904607Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904606Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904605Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904604Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904603Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904602Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904601Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904600Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904599Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904598Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904597Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904596Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904595Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904594Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904593Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904592Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904591Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904590Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904589Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904588Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904587Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904586Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904585Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904584Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904583Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904582Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904581Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904580Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904579Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904578Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904577Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904576Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904575Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904574Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904573Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904572Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904571Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904570Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904569Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904568Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904567Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904566Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9D57B076-2062-489B-A182-883A4CDBC1D3}; ClientMachine = HV-CINDER-76019; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904565Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:18:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2568; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904564Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25682688hv-cinder-76019S-1-5-208/27/2021 10:17:57 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 600; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent585900004611686018427387904563Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6003988hv-cinder-76019S-1-5-188/27/2021 10:17:57 PM5140c672-9b91-0001-04c7-4051919bd701microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary586000004611686018427387904562Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:17:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 586100004611686018427387904561Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6003984hv-cinder-76019S-1-5-188/27/2021 10:17:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904560Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723812hv-cinder-76019S-1-5-188/27/2021 10:17:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904559Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723812hv-cinder-76019S-1-5-188/27/2021 10:17:56 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2528; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown585802004611686018427387904558Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002468hv-cinder-76019S-1-5-188/27/2021 10:17:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2568; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904557Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25682688hv-cinder-76019S-1-5-208/27/2021 10:17:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-76019; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2076; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User : __Namespace.name="S_1_5_21_109117839_428087192_119887350_500"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904556Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6002472hv-cinder-76019S-1-5-188/27/2021 10:17:50 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-HTG98GA8Q5T; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1884; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100A; PossibleCause = Unknown585802004611686018427387904555Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5202800WIN-5T344G8GM1HS-1-5-188/27/2021 10:17:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-HTG98GA8Q5T; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1884; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100A; PossibleCause = Unknown585802004611686018427387904554Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5202800WIN-5T344G8GM1HS-1-5-188/27/2021 10:17:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-HTG98GA8Q5T; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2180; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown585802004611686018427387904553Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5202544WIN-5T344G8GM1HS-1-5-188/27/2021 10:15:59 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-HTG98GA8Q5T; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1760; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select * from Win32_OperatingSystem; ResultCode = 0x8004100A; PossibleCause = Unknown585802004611686018427387904552Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5202540WIN-5T344G8GM1HS-1-5-188/27/2021 10:15:59 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4848; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "RNDISMPStatisticsOID"; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904551Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9763432WIN-5T344G8GM1HS-1-5-181/19/2018 9:48:09 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4848; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "C:\\windows\\System32\\drivers\\en-US\\netvsc.sys.mui[NdisMofResource]"; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904550Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9763432WIN-5T344G8GM1HS-1-5-181/19/2018 9:48:09 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904549Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational44605048WIN-5T344G8GM1HS-1-5-201/19/2018 9:46:31 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904548Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational44605048WIN-5T344G8GM1HS-1-5-201/19/2018 9:46:31 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4848; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904547Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational48484776WIN-5T344G8GM1HS-1-5-181/19/2018 9:45:30 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4956; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\Defender : SELECT * FROM MSFT_MpComputerStatus; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904546Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9761176WIN-5T344G8GM1HS-1-5-181/19/2018 9:42:52 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
ProtectionManagement provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = "%ProgramData%\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\ProtectionManagement.dll"585700004611686018427387904545Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37522228WIN-5T344G8GM1HS-1-5-191/19/2018 9:42:52 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MsNetImPlatform provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\ndisimplatcim.dll585700004611686018427387904544Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27763064WIN-5T344G8GM1HS-1-5-201/19/2018 9:42:52 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4120; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904543Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational41204148WIN-5T344G8GM1HS-1-5-181/19/2018 9:42:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904542Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27761292WIN-5T344G8GM1HS-1-5-201/19/2018 9:42:48 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904541Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37522228WIN-5T344G8GM1HS-1-5-191/19/2018 9:42:48 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904540Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27763064WIN-5T344G8GM1HS-1-5-201/19/2018 9:42:48 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904539Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27763064WIN-5T344G8GM1HS-1-5-201/19/2018 9:42:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904538Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27763064WIN-5T344G8GM1HS-1-5-201/19/2018 9:42:16 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4120; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904537Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational41204148WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:43 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904536Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27761292WIN-5T344G8GM1HS-1-5-201/19/2018 9:41:39 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904535Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37522228WIN-5T344G8GM1HS-1-5-191/19/2018 9:41:39 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904534Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27762812WIN-5T344G8GM1HS-1-5-201/19/2018 9:41:39 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 976; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent585900004611686018427387904533Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762172WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMad8d0f9c-9109-0001-0a10-8dad0991d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary586000004611686018427387904532Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 586100004611686018427387904531Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational976388WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904530Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904529Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904528Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904527Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904526Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904525Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904524Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904523Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904522Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904521Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904520Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904519Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904518Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904517Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904516Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904515Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904514Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904513Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904512Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904511Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904510Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904509Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904508Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904507Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904506Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904505Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904504Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904503Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904502Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904501Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904500Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904499Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904498Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904497Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904496Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904495Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904494Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904493Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904492Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904491Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904490Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904489Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904488Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904487Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904486Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904485Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762680WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904484Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27762848WIN-5T344G8GM1HS-1-5-201/19/2018 9:41:31 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2204; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown585802004611686018427387904483Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762692WIN-5T344G8GM1HS-1-5-181/19/2018 9:41:30 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3176; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904482Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational31761548WIN-5T344G8GM1HS-1-5-201/19/2018 9:40:26 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_RegisteredSubprofile; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904481Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9564728WIN-5T344G8GM1HS-1-5-181/19/2018 9:38:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_SubProfileRequiresProfile; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904480Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9564728WIN-5T344G8GM1HS-1-5-181/19/2018 9:38:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_RegisteredProfile; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904479Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9564728WIN-5T344G8GM1HS-1-5-181/19/2018 9:38:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ReferencedProfile; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904478Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9564728WIN-5T344G8GM1HS-1-5-181/19/2018 9:38:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementSoftwareIdentity; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904477Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9564728WIN-5T344G8GM1HS-1-5-181/19/2018 9:38:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementConformsToProfileEx; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904476Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9564728WIN-5T344G8GM1HS-1-5-181/19/2018 9:38:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementConformsToProfile; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904475Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9564728WIN-5T344G8GM1HS-1-5-181/19/2018 9:38:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\cimv2\storage\ms_409 : __Namespace.Name='iscsitarget'; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904474Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9564728WIN-5T344G8GM1HS-1-5-181/19/2018 9:38:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904473Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39684084WIN-5T344G8GM1HS-1-5-181/19/2018 9:38:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2712; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904472Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational2712592WIN-5T344G8GM1HS-1-5-201/19/2018 9:38:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2712; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904471Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational2712592WIN-5T344G8GM1HS-1-5-201/19/2018 9:38:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904470Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational43482924WIN-5T344G8GM1HS-1-5-201/19/2018 9:35:55 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4444; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904469Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational44444516WIN-5T344G8GM1HS-1-5-191/19/2018 9:35:55 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904468Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational43484632WIN-5T344G8GM1HS-1-5-201/19/2018 9:35:55 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904467Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational43484632WIN-5T344G8GM1HS-1-5-201/19/2018 9:35:41 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904466Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational43484632WIN-5T344G8GM1HS-1-5-201/19/2018 9:35:41 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904465Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational48241600WIN-5T344G8GM1HS-1-5-201/19/2018 9:34:04 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1548; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904464Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational15482160WIN-5T344G8GM1HS-1-5-191/19/2018 9:34:04 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904463Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational48241600WIN-5T344G8GM1HS-1-5-201/19/2018 9:34:04 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904462Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational48244808WIN-5T344G8GM1HS-1-5-201/19/2018 9:34:04 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 764; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904461Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational7641020WIN-5T344G8GM1HS-1-5-181/19/2018 9:33:46 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904460Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational48244808WIN-5T344G8GM1HS-1-5-201/19/2018 9:32:20 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904459Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational48244808WIN-5T344G8GM1HS-1-5-201/19/2018 9:32:20 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904458Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39684084WIN-5T344G8GM1HS-1-5-181/19/2018 9:31:16 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1520; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904457Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational15202704WIN-5T344G8GM1HS-1-5-201/19/2018 9:29:44 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1520; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904456Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational15202704WIN-5T344G8GM1HS-1-5-201/19/2018 9:29:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4693033F-66F0-46C4-8E27-99621765768B}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4124; Component = Core; Operation = Start IWbemServices::ExecMethod - root\microsoft\windows\servermanager : MSFT_ServerManagerTasks::GetServerFeature; ResultCode = 0x800706BE; PossibleCause = Could not send status to client585802004611686018427387904455Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562716WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4693033F-66F0-46C4-8E27-99621765768B}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4124; Component = Unknown; Operation = Start IWbemServices::ExecMethod - root\microsoft\windows\servermanager : MSFT_ServerManagerTasks::GetServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904454Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational956432WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:32 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4608; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904453Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational46084636WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:30 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904452Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28722896WIN-5T344G8GM1HS-1-5-201/19/2018 9:27:26 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4344; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904451Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational43444368WIN-5T344G8GM1HS-1-5-191/19/2018 9:27:26 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904450Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28722900WIN-5T344G8GM1HS-1-5-201/19/2018 9:27:25 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904449Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28722900WIN-5T344G8GM1HS-1-5-201/19/2018 9:27:20 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904448Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28722900WIN-5T344G8GM1HS-1-5-201/19/2018 9:27:19 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 956; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent585900004611686018427387904447Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562284WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:18 AMaff0bd57-9107-0002-9bbd-f0af0791d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary586000004611686018427387904446Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:18 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 586100004611686018427387904445Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562284WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:18 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904444Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904443Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904442Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904441Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904440Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904439Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904438Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904437Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904436Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904435Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904434Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904433Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904432Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904431Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904430Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904429Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904428Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904427Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904426Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904425Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904424Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904423Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904422Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904421Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904420Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904419Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904418Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904417Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904416Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904415Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904414Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904413Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562868WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904412Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904411Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904410Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904409Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904408Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904407Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904406Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904405Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562868WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904404Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904403Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904402Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904401Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904400Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904399Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904398Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904397Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904396Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904395Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904394Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904393Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904392Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904391Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904390Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904389Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904388Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904387Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904386Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904385Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904384Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904383Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904382Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904381Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904380Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904379Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904378Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904377Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904376Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904375Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904374Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904373Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904372Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904371Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904370Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904369Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904368Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904367Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904366Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904365Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904364Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904363Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904362Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904361Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904360Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904359Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904358Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904357Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904356Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904355Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904354Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904353Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562860WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904352Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28722900WIN-5T344G8GM1HS-1-5-201/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2336; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown585802004611686018427387904351Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562864WIN-5T344G8GM1HS-1-5-181/19/2018 9:27:17 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary586000004611686018427387904350Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2360; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown585802004611686018427387904349Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:52 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskState; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904348Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904347Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904346Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904345Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904344Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904343Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904342Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904341Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904340Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904339Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904338Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904337Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904336Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904335Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904334Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682824WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904333Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904332Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904331Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904330Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904329Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904328Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 968; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent585900004611686018427387904327Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682948WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AM96ed06e7-9107-0000-3d07-ed960791d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 586100004611686018427387904326Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682948WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:51 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualDiskChangedRange; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904325Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VHDSSnapshotInformation; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904324Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VHDSetInformation; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904323Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904322Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904321Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904320Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904319Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904318Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904317Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904316Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904315Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904314Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904313Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904312Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904311Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualDiskChangedRange; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904310Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VHDSSnapshotInformation; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904309Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VHDSetInformation; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904308Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904307Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904306Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904305Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904304Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904303Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904302Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904301Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904300Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904299Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904298Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904297Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown585802004611686018427387904296Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9682820WIN-5T344G8GM1HS-1-5-181/19/2018 9:26:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904295Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28402880WIN-5T344G8GM1HS-1-5-201/19/2018 9:26:46 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904294Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28402880WIN-5T344G8GM1HS-1-5-201/19/2018 9:26:44 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904293Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28402864WIN-5T344G8GM1HS-1-5-201/19/2018 9:26:42 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 308; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904292Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562620WIN-5T344G8GM1HS-1-5-181/19/2018 9:25:03 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 308; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904291Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational956404WIN-5T344G8GM1HS-1-5-181/19/2018 9:25:02 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2528; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904290Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25283456WIN-5T344G8GM1HS-1-5-181/19/2018 9:24:56 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904289Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25084092WIN-5T344G8GM1HS-1-5-201/19/2018 9:24:53 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2736; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904288Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27363804WIN-5T344G8GM1HS-1-5-191/19/2018 9:24:53 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904287Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25084092WIN-5T344G8GM1HS-1-5-201/19/2018 9:24:53 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904286Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25082824WIN-5T344G8GM1HS-1-5-201/19/2018 9:24:53 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3200; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904285Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational32003644WIN-5T344G8GM1HS-1-5-181/19/2018 9:23:15 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904284Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28562920WIN-5T344G8GM1HS-1-5-201/19/2018 9:23:12 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2540; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904283Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25403240WIN-5T344G8GM1HS-1-5-191/19/2018 9:23:12 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904282Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28562884WIN-5T344G8GM1HS-1-5-201/19/2018 9:23:11 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904281Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28562884WIN-5T344G8GM1HS-1-5-201/19/2018 9:23:05 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904280Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28562884WIN-5T344G8GM1HS-1-5-201/19/2018 9:23:04 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 956; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent585900004611686018427387904279Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562916WIN-5T344G8GM1HS-1-5-181/19/2018 9:23:03 AM17f2f0cc-9107-0002-12f1-f2170791d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 586100004611686018427387904278Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9562908WIN-5T344G8GM1HS-1-5-181/19/2018 9:23:03 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904277Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28562884WIN-5T344G8GM1HS-1-5-201/19/2018 9:23:02 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3808; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904276Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38084032WIN-5T344G8GM1HS-1-5-181/19/2018 9:14:59 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904275Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational26642720WIN-5T344G8GM1HS-1-5-201/19/2018 9:14:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2972; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904274Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational2972156WIN-5T344G8GM1HS-1-5-191/19/2018 9:14:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904273Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational26642720WIN-5T344G8GM1HS-1-5-201/19/2018 9:14:57 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904272Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational26641584WIN-5T344G8GM1HS-1-5-201/19/2018 9:14:57 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 1860; Component = Unknown; Operation = Start IWbemServices::PutInstance - root\cimv2 : Win32_ComputerSystem.Name="WIN-5T344G8GM1H"; ResultCode = 0x80041001; PossibleCause = Unknown585802004611686018427387904271Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11804136WIN-5T344G8GM1HS-1-5-181/19/2018 9:11:39 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4368; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904270Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational43684496WIN-5T344G8GM1HS-1-5-201/19/2018 9:10:55 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1784; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904269Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational17842240WIN-5T344G8GM1HS-1-5-181/19/2018 9:05:00 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904268Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational952452WIN-5T344G8GM1HS-1-5-201/19/2018 9:04:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1152; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904267Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11521396WIN-5T344G8GM1HS-1-5-191/19/2018 9:04:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904266Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational952452WIN-5T344G8GM1HS-1-5-201/19/2018 9:04:57 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904265Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9521000WIN-5T344G8GM1HS-1-5-201/19/2018 9:04:57 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3176; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904264Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational31763364WIN-5T344G8GM1HS-1-5-181/19/2018 8:58:49 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904263Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational46724700WIN-5T344G8GM1HS-1-5-201/19/2018 8:57:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904262Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational46724700WIN-5T344G8GM1HS-1-5-201/19/2018 8:57:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 88; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904261Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11801284WIN-5T344G8GM1HS-1-5-181/19/2018 8:56:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904260Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational46724700WIN-5T344G8GM1HS-1-5-201/19/2018 8:56:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1180; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent585900004611686018427387904259Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11804340WIN-5T344G8GM1HS-1-5-181/19/2018 8:56:46 AM289cfce6-9103-0003-f9fd-9c280391d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 586100004611686018427387904258Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11804340WIN-5T344G8GM1HS-1-5-181/19/2018 8:56:46 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904257Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39684008WIN-5T344G8GM1HS-1-5-201/19/2018 8:55:06 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904256Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39684008WIN-5T344G8GM1HS-1-5-201/19/2018 8:55:05 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904255Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational36883696WIN-5T344G8GM1HS-1-5-181/19/2018 8:55:04 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904254Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39684020WIN-5T344G8GM1HS-1-5-201/19/2018 8:54:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4024; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904253Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational40244052WIN-5T344G8GM1HS-1-5-191/19/2018 8:54:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904252Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39684008WIN-5T344G8GM1HS-1-5-201/19/2018 8:54:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904251Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational39683996WIN-5T344G8GM1HS-1-5-201/19/2018 8:54:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3880; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904250Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38803916WIN-5T344G8GM1HS-1-5-201/19/2018 8:54:38 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7C5C4FFB-9102-0000-4A51-5C7C0291D301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 1192; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904249Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11923004WIN-5T344G8GM1HS-1-5-181/19/2018 8:54:34 AM7c5c4ffb-9102-0000-4a51-5c7c0291d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1200; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904248Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational12002840WIN-5T344G8GM1HS-1-5-181/19/2018 8:54:03 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 1192, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary586000004611686018427387904247Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11922792WIN-5T344G8GM1HS-1-5-181/19/2018 8:52:27 AM7c5c4ffb-9102-0001-8851-5c7c0291d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1192; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll585700004611686018427387904246Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11922792WIN-5T344G8GM1HS-1-5-181/19/2018 8:52:27 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1192; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent585900004611686018427387904245Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11922796WIN-5T344G8GM1HS-1-5-181/19/2018 8:51:57 AM7c5c4ffb-9102-0001-5f51-5c7c0291d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 586100004611686018427387904244Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11922796WIN-5T344G8GM1HS-1-5-181/19/2018 8:51:57 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904243Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38323932WIN-5T344G8GM1HS-1-5-201/19/2018 8:51:38 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904242Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38323872WIN-5T344G8GM1HS-1-5-201/19/2018 8:51:37 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 428; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904241Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational4281316WIN-5T344G8GM1HS-1-5-181/19/2018 8:51:13 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904240Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38323872WIN-5T344G8GM1HS-1-5-201/19/2018 8:51:04 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3888; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904239Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38883916WIN-5T344G8GM1HS-1-5-191/19/2018 8:51:04 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904238Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38323872WIN-5T344G8GM1HS-1-5-201/19/2018 8:51:04 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904237Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38323860WIN-5T344G8GM1HS-1-5-201/19/2018 8:51:04 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4796; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904236Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational4796840WIN-5T344G8GM1HS-1-5-201/19/2018 8:45:55 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2284; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904235Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational22842676WIN-5T344G8GM1HS-1-5-181/19/2018 8:44:15 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904234Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25482728WIN-5T344G8GM1HS-1-5-201/19/2018 8:44:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2300; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904233Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational23004360WIN-5T344G8GM1HS-1-5-191/19/2018 8:44:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904232Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25482728WIN-5T344G8GM1HS-1-5-201/19/2018 8:44:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904231Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25483736WIN-5T344G8GM1HS-1-5-201/19/2018 8:44:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1052; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904230Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational10524868WIN-5T344G8GM1HS-1-5-201/19/2018 8:36:56 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3184; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904229Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational3184404WIN-5T344G8GM1HS-1-5-181/19/2018 8:34:15 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll585700004611686018427387904228Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11644616WIN-5T344G8GM1HS-1-5-201/19/2018 8:34:14 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4600; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\WMI : SELECT * FROM BatteryStaticData; ResultCode = 0x80041010; PossibleCause = Unknown585802004611686018427387904227Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9644904WIN-5T344G8GM1HS-1-5-181/19/2018 8:34:14 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4600; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\WMI : SELECT * FROM BatteryFullChargedCapacity; ResultCode = 0x80041010; PossibleCause = Unknown585802004611686018427387904226Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9644904WIN-5T344G8GM1HS-1-5-181/19/2018 8:34:13 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerWmiProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SYSTEMROOT%\system32\PowerWmiProvider.dll585700004611686018427387904225Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11641368WIN-5T344G8GM1HS-1-5-201/19/2018 8:34:13 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\System32\storagewmi.dll585700004611686018427387904224Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11641368WIN-5T344G8GM1HS-1-5-201/19/2018 8:34:11 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904223Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11641368WIN-5T344G8GM1HS-1-5-201/19/2018 8:34:11 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904222Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11641368WIN-5T344G8GM1HS-1-5-201/19/2018 8:34:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2920; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904221Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational29204532WIN-5T344G8GM1HS-1-5-191/19/2018 8:34:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904220Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11641368WIN-5T344G8GM1HS-1-5-201/19/2018 8:34:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904219Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11641532WIN-5T344G8GM1HS-1-5-201/19/2018 8:34:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9A81CB05-910F-0003-8ACC-819A0F91D301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 964; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904218Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9644228WIN-5T344G8GM1HS-1-5-181/19/2018 8:33:15 AM9a81cb05-910f-0003-8acc-819a0f91d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904217Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9641824WIN-5T344G8GM1HS-1-5-181/19/2018 8:33:01 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904216Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9645076WIN-5T344G8GM1HS-1-5-181/19/2018 8:33:01 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll585700004611686018427387904215Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11641532WIN-5T344G8GM1HS-1-5-201/19/2018 8:33:01 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904214Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9645076WIN-5T344G8GM1HS-1-5-181/19/2018 8:33:01 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904213Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9645076WIN-5T344G8GM1HS-1-5-181/19/2018 8:33:01 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904212Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9641824WIN-5T344G8GM1HS-1-5-181/19/2018 8:33:01 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904211Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9645076WIN-5T344G8GM1HS-1-5-181/19/2018 8:33:01 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll585700004611686018427387904210Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11641532WIN-5T344G8GM1HS-1-5-201/19/2018 8:33:01 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\CIMV2 : SELECT SMBIOSAssetTag FROM Win32_SystemEnclosure ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904209Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9645076WIN-5T344G8GM1HS-1-5-181/19/2018 8:32:59 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904208Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11641532WIN-5T344G8GM1HS-1-5-201/19/2018 8:32:59 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904207Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11642868WIN-5T344G8GM1HS-1-5-201/19/2018 8:32:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1912; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904206Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational19123084WIN-5T344G8GM1HS-1-5-181/19/2018 8:32:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %windir%\system32\wbem\servercompprov.dll585700004611686018427387904205Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11641532WIN-5T344G8GM1HS-1-5-201/19/2018 8:32:58 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 996; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904204Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational996456WIN-5T344G8GM1HS-1-5-201/19/2018 8:29:00 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 996; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904203Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational996456WIN-5T344G8GM1HS-1-5-201/19/2018 8:29:00 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4324; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904202Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational43243568WIN-5T344G8GM1HS-1-5-181/19/2018 8:27:56 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 964, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary586000004611686018427387904201Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9643260WIN-5T344G8GM1HS-1-5-181/19/2018 8:26:55 AM9a81cb05-910f-0000-a4cc-819a0f91d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 964; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll585700004611686018427387904200Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9643260WIN-5T344G8GM1HS-1-5-181/19/2018 8:26:55 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904199Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723768WIN-5T344G8GM1HS-1-5-201/19/2018 8:26:50 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904198Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723768WIN-5T344G8GM1HS-1-5-201/19/2018 8:25:57 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 964; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent585900004611686018427387904197Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9644648WIN-5T344G8GM1HS-1-5-181/19/2018 8:25:52 AM9a81cb05-910f-0003-4bcc-819a0f91d301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 586100004611686018427387904196Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9644648WIN-5T344G8GM1HS-1-5-181/19/2018 8:25:52 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904195Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723768WIN-5T344G8GM1HS-1-5-201/19/2018 8:24:46 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4124; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904194Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational41244152WIN-5T344G8GM1HS-1-5-181/19/2018 8:24:15 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904193Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723820WIN-5T344G8GM1HS-1-5-201/19/2018 8:24:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3084; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904192Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational30843436WIN-5T344G8GM1HS-1-5-191/19/2018 8:24:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904191Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723800WIN-5T344G8GM1HS-1-5-201/19/2018 8:24:08 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904190Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723800WIN-5T344G8GM1HS-1-5-201/19/2018 8:24:03 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904189Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723800WIN-5T344G8GM1HS-1-5-201/19/2018 8:24:03 AMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3868; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904188Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38683176WIN-5T344G8GM1HS-1-5-181/16/2018 6:37:16 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904187Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25042192WIN-5T344G8GM1HS-1-5-201/16/2018 6:37:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2788; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904186Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27882624WIN-5T344G8GM1HS-1-5-191/16/2018 6:37:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904185Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25042192WIN-5T344G8GM1HS-1-5-201/16/2018 6:37:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904184Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational25042440WIN-5T344G8GM1HS-1-5-201/16/2018 6:37:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4024; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904183Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational40243868WIN-5T344G8GM1HS-1-5-181/16/2018 6:27:16 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904182Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational12883280WIN-5T344G8GM1HS-1-5-201/16/2018 6:27:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1500; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904181Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational15002664WIN-5T344G8GM1HS-1-5-191/16/2018 6:27:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904180Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational12883280WIN-5T344G8GM1HS-1-5-201/16/2018 6:27:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904179Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational12884056WIN-5T344G8GM1HS-1-5-201/16/2018 6:27:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 652; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904178Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational6521972WIN-5T344G8GM1HS-1-5-181/16/2018 6:17:16 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904177Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational40323152WIN-5T344G8GM1HS-1-5-201/16/2018 6:17:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904176Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational36883124WIN-5T344G8GM1HS-1-5-191/16/2018 6:17:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904175Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational40321184WIN-5T344G8GM1HS-1-5-201/16/2018 6:17:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904174Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational40321160WIN-5T344G8GM1HS-1-5-201/16/2018 6:17:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1088; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904173Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational10884088WIN-5T344G8GM1HS-1-5-181/16/2018 6:10:25 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904172Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27841752WIN-5T344G8GM1HS-1-5-201/16/2018 6:08:29 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1176; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent585900004611686018427387904171Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11763928WIN-5T344G8GM1HS-1-5-181/16/2018 6:08:20 PMb65c0852-8ef4-0003-8709-5cb6f48ed301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 586100004611686018427387904170Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11763928WIN-5T344G8GM1HS-1-5-181/16/2018 6:08:20 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904169Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27841752WIN-5T344G8GM1HS-1-5-201/16/2018 6:07:37 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904168Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27841752WIN-5T344G8GM1HS-1-5-201/16/2018 6:07:36 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904167Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27844072WIN-5T344G8GM1HS-1-5-201/16/2018 6:07:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4076; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904166Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational40761920WIN-5T344G8GM1HS-1-5-191/16/2018 6:07:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904165Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27844060WIN-5T344G8GM1HS-1-5-201/16/2018 6:07:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904164Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27842824WIN-5T344G8GM1HS-1-5-201/16/2018 6:07:14 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904163Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11762580WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:34 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904162Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11762580WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:34 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904161Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11762640WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:34 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll585700004611686018427387904160Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27842824WIN-5T344G8GM1HS-1-5-201/16/2018 6:06:34 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904159Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11762640WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:33 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904158Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11762580WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:33 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904157Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11762580WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:33 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904156Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11762580WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:33 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904155Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11762580WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:33 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll585700004611686018427387904154Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27842824WIN-5T344G8GM1HS-1-5-201/16/2018 6:06:33 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904153Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11762640WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:33 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904152Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27842824WIN-5T344G8GM1HS-1-5-201/16/2018 6:06:32 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904151Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11762640WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:32 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2832; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904150Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28322860WIN-5T344G8GM1HS-1-5-181/16/2018 6:06:27 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %windir%\system32\wbem\servercompprov.dll585700004611686018427387904149Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27842812WIN-5T344G8GM1HS-1-5-201/16/2018 6:06:27 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4892; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904148Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational4892836WIN-5T344G8GM1HS-1-5-201/16/2018 6:02:36 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4256; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904147Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational42564144WIN-5T344G8GM1HS-1-5-181/16/2018 5:53:30 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904146Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational49763800WIN-5T344G8GM1HS-1-5-201/16/2018 5:53:24 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5092; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904145Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational50922628WIN-5T344G8GM1HS-1-5-191/16/2018 5:53:24 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904144Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational49763800WIN-5T344G8GM1HS-1-5-201/16/2018 5:53:23 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904143Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational49765116WIN-5T344G8GM1HS-1-5-201/16/2018 5:53:23 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {53B2B737-8EF1-0000-6DB9-B253F18ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 1152; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904142Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11524780WIN-5T344G8GM1HS-1-5-181/16/2018 5:50:11 PM53b2b737-8ef1-0000-6db9-b253f18ed301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904141Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational36882160WIN-5T344G8GM1HS-1-5-181/16/2018 5:46:15 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 1152, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary586000004611686018427387904140Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11524676WIN-5T344G8GM1HS-1-5-181/16/2018 5:44:23 PM53b2b737-8ef1-0003-feb9-b253f18ed301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1152; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll585700004611686018427387904139Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11524676WIN-5T344G8GM1HS-1-5-181/16/2018 5:44:23 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 400; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904138Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11522600WIN-5T344G8GM1HS-1-5-181/16/2018 5:44:12 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4212; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904137Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational42124236WIN-5T344G8GM1HS-1-5-181/16/2018 5:43:31 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904136Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9762796WIN-5T344G8GM1HS-1-5-201/16/2018 5:43:29 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904135Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9763216WIN-5T344G8GM1HS-1-5-201/16/2018 5:43:23 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3208; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904134Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational32083308WIN-5T344G8GM1HS-1-5-191/16/2018 5:43:23 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904133Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational976324WIN-5T344G8GM1HS-1-5-201/16/2018 5:43:23 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll585700004611686018427387904132Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational976324WIN-5T344G8GM1HS-1-5-201/16/2018 5:43:17 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904131Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational976324WIN-5T344G8GM1HS-1-5-201/16/2018 5:43:17 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1152; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent585900004611686018427387904130Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11522720WIN-5T344G8GM1HS-1-5-181/16/2018 5:42:38 PM53b2b737-8ef1-0001-8eb7-b253f18ed301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 586100004611686018427387904129Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational11522720WIN-5T344G8GM1HS-1-5-181/16/2018 5:42:38 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A4626349-8EA8-0003-B36D-62A4A88ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904128Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9243696WIN-5T344G8GM1HS-1-5-181/16/2018 5:37:24 PMa4626349-8ea8-0003-b36d-62a4a88ed301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904127Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational1643628WIN-5T344G8GM1HS-1-5-201/16/2018 5:35:48 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WmiPerfInst provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3868; ProviderPath = C:\Windows\System32\wbem\WmiPerfInst.dll585700004611686018427387904126Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38681388WIN-5T344G8GM1HS-1-5-191/16/2018 5:35:07 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4924; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904125Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational4924428WIN-5T344G8GM1HS-1-5-181/16/2018 5:35:04 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WmiPerfClass provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4924; ProviderPath = C:\Windows\System32\wbem\WmiPerfClass.dll585700004611686018427387904124Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational49245928WIN-5T344G8GM1HS-1-5-181/16/2018 5:35:03 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 924, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary586000004611686018427387904123Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242052WIN-5T344G8GM1HS-1-5-181/16/2018 5:34:06 PMa4626349-8ea8-0002-ed6e-62a4a88ed301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 924; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll585700004611686018427387904122Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242052WIN-5T344G8GM1HS-1-5-181/16/2018 5:34:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5028; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904121Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational50285328WIN-5T344G8GM1HS-1-5-181/16/2018 5:32:53 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904120Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational58045824WIN-5T344G8GM1HS-1-5-201/16/2018 5:32:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3816; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904119Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational38161224WIN-5T344G8GM1HS-1-5-191/16/2018 5:32:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904118Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational58045824WIN-5T344G8GM1HS-1-5-201/16/2018 5:32:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904117Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational5804912WIN-5T344G8GM1HS-1-5-201/16/2018 5:32:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3180; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904116Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational3180804WIN-5T344G8GM1HS-1-5-181/16/2018 5:22:47 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904115Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37725300WIN-5T344G8GM1HS-1-5-201/16/2018 5:22:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 888; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904114Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational8885288WIN-5T344G8GM1HS-1-5-191/16/2018 5:22:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904113Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37725300WIN-5T344G8GM1HS-1-5-201/16/2018 5:22:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904112Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational37723704WIN-5T344G8GM1HS-1-5-201/16/2018 5:22:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5964; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll585700004611686018427387904111Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational59643468WIN-5T344G8GM1HS-1-5-181/16/2018 5:12:54 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A4626349-8EA8-0000-8A6D-62A4A88ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown585802004611686018427387904110Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9241992WIN-5T344G8GM1HS-1-5-181/16/2018 5:12:41 PMa4626349-8ea8-0000-8a6d-62a4a88ed301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll585700004611686018427387904109Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational12601960WIN-5T344G8GM1HS-1-5-201/16/2018 5:12:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2736; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll585700004611686018427387904108Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27362320WIN-5T344G8GM1HS-1-5-191/16/2018 5:12:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904107Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational12601960WIN-5T344G8GM1HS-1-5-201/16/2018 5:12:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll585700004611686018427387904106Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational12601936WIN-5T344G8GM1HS-1-5-201/16/2018 5:12:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 924, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary586000004611686018427387904105Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9243016WIN-5T344G8GM1HS-1-5-181/16/2018 5:06:17 PMa4626349-8ea8-0003-146c-62a4a88ed301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 924; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll585700004611686018427387904104Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9243016WIN-5T344G8GM1HS-1-5-181/16/2018 5:06:17 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3428; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll585700004611686018427387904103Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational34285844WIN-5T344G8GM1HS-1-5-201/16/2018 5:06:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3428; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904102Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational34285844WIN-5T344G8GM1HS-1-5-201/16/2018 5:06:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll585700004611686018427387904101Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27681104WIN-5T344G8GM1HS-1-5-181/16/2018 5:05:59 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll585700004611686018427387904100Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28563704WIN-5T344G8GM1HS-1-5-201/16/2018 5:04:01 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 924; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent58590000461168601842738790499Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9243356WIN-5T344G8GM1HS-1-5-181/16/2018 5:03:48 PMa4626349-8ea8-0003-c36b-62a4a88ed301microsoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; }; 58610000461168601842738790498Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9241768WIN-5T344G8GM1HS-1-5-181/16/2018 5:03:48 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll58570000461168601842738790497Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28563704WIN-5T344G8GM1HS-1-5-201/16/2018 5:02:51 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll58570000461168601842738790496Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational2856812WIN-5T344G8GM1HS-1-5-201/16/2018 5:02:39 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5960; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll58570000461168601842738790495Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational59605988WIN-5T344G8GM1HS-1-5-191/16/2018 5:02:39 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll58570000461168601842738790494Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28563084WIN-5T344G8GM1HS-1-5-201/16/2018 5:02:39 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2972; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown58580200461168601842738790493Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242352WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:13 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790492Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{F9C77450-3A41-477E-9310-9ACD617BD9E3}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790491Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790490Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790489Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790488Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790487Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790486Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790485Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790484Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790483Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790482Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790481Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790480Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790479Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790478Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790477Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790476Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790475Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790474Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790473Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790472Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790471Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790470Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790469Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{5794DAFD-BE60-433f-88A2-1A31939AC01F}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790468Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790467Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790466Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790465Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790464Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790463Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790462Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{25537BA6-77A8-11D2-9B6C-0000F8080861}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790461Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790460Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790459Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790458Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790457Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242512WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll58570000461168601842738790456Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27681124WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll58570000461168601842738790455Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational27681124WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:11 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790454Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790453Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790452Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790451Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790450Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790449Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790448Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790447Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790446Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790445Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790444Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790443Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790442Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790441Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790440Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790439Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790438Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790437Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790436Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790435Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790434Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790433Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790432Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790431Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790430Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790429Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790428Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790427Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790426Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790425Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790424Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790423Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790422Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790421Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790420Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790419Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790418Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790417Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790416Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790415Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790414Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790413Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790412Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790411Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown58580200461168601842738790410Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown5858020046116860184273879049Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}"; ResultCode = 0x80041002; PossibleCause = Unknown5858020046116860184273879048Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242528WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3440; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll5857000046116860184273879047Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational34403468WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %windir%\system32\wbem\servercompprov.dll5857000046116860184273879046Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28563084WIN-5T344G8GM1HS-1-5-201/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2972; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown5858020046116860184273879045Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9242484WIN-5T344G8GM1HS-1-5-181/16/2018 5:02:09 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll5857000046116860184273879044Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28563084WIN-5T344G8GM1HS-1-5-201/16/2018 5:02:06 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll5857000046116860184273879043Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational28562436WIN-5T344G8GM1HS-1-5-201/16/2018 5:02:05 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkInformationInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-PD8DQPRRTAO; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2508; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100A; PossibleCause = Unknown5858020046116860184273879042Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9162392WIN-PD8DQPRRTAOS-1-5-181/16/2018 5:01:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-PD8DQPRRTAO; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2508; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100A; PossibleCause = Unknown5858020046116860184273879041Microsoft-Windows-WMI-Activity1418ef04-b0b4-4623-bf7e-d74ab47bbdaaMicrosoft-Windows-WMI-Activity/Operational9162392WIN-PD8DQPRRTAOS-1-5-181/16/2018 5:01:40 PMmicrosoft-windows-wmi-activity/operationalSystem.UInt32[]System.Diagnostics.Eventing.Reader.EventBookmarkErrorInfoSystem.Collections.ObjectModel.ReadOnlyCollection`1[System.String]System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]