| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| The Tile Data model server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3049 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4084 | hv-cinder-79617 | | 10/31/2022 12:45:59 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Modules Installer service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3048 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4084 | hv-cinder-79617 | | 10/31/2022 12:45:39 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 3047 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:44:59 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Portable Device Enumerator Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3046 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:44:53 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 3045 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:44:44 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 3044 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:44:38 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3043 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:44:38 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Device Setup Manager service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3042 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:44:24 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Network Setup Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3041 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:44:22 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic D0CDC415-2533-40C4-A321-7C95B8B6B9FC--34E4B45B-AE34-4C7A-BDFA-BCD1234DCA09 (Friendly Name: 16976c96-0697-482f-bcc1-98d0bc00538f). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3040 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4128 | 1616 | hv-cinder-79617 | S-1-5-83-1-3503146005-1086596403-2507940259-4240029368 | 10/31/2022 12:44:21 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D0CDC415-2533-40C4-A321-7C95B8B6B9FC--34E4B45B-AE34-4C7A-BDFA-BCD1234DCA09 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3039 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4128 | 1616 | hv-cinder-79617 | S-1-5-83-1-3503146005-1086596403-2507940259-4240029368 | 10/31/2022 12:44:21 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 908C7B93-8A71-4BCB-B85F-00F5DB269C47--80069B94-A38E-46DC-B697-5D014C5C4E85 (Friendly Name: a1f478e3-0037-482b-9f12-361410fca1f5). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3038 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 5104 | 1176 | hv-cinder-79617 | S-1-5-83-1-2425125779-1271630449-4110442424-1201415899 | 10/31/2022 12:43:49 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 908C7B93-8A71-4BCB-B85F-00F5DB269C47--80069B94-A38E-46DC-B697-5D014C5C4E85 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3037 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 5104 | 1176 | hv-cinder-79617 | S-1-5-83-1-2425125779-1271630449-4110442424-1201415899 | 10/31/2022 12:43:49 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic DE02CC59-7A96-40A0-AF76-DCA72A4CC2BD--C15A7628-07F3-41D2-A6AD-A83F9574FAB2 (Friendly Name: bf3768f3-740b-45b9-92a5-0798ffcfacc8). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3036 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4928 | 5008 | hv-cinder-79617 | S-1-5-83-1-3724725337-1084258966-2816243375-3183627306 | 10/31/2022 12:43:43 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC DE02CC59-7A96-40A0-AF76-DCA72A4CC2BD--C15A7628-07F3-41D2-A6AD-A83F9574FAB2 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3035 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4928 | 5008 | hv-cinder-79617 | S-1-5-83-1-3724725337-1084258966-2816243375-3183627306 | 10/31/2022 12:43:43 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D0CDC415-2533-40C4-A321-7C95B8B6B9FC--34E4B45B-AE34-4C7A-BDFA-BCD1234DCA09 (Friendly Name: 16976c96-0697-482f-bcc1-98d0bc00538f) successfully connected to port 78FFF9A9-1EDC-452C-9B9C-965F653E535C (Friendly Name: 16976c96-0697-482f-bcc1-98d0bc00538f) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3034 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4128 | 1808 | hv-cinder-79617 | S-1-5-83-1-3503146005-1086596403-2507940259-4240029368 | 10/31/2022 12:43:40 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic D0CDC415-2533-40C4-A321-7C95B8B6B9FC--34E4B45B-AE34-4C7A-BDFA-BCD1234DCA09 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3033 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4128 | 1808 | hv-cinder-79617 | | 10/31/2022 12:43:40 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic D0CDC415-2533-40C4-A321-7C95B8B6B9FC--34E4B45B-AE34-4C7A-BDFA-BCD1234DCA09 (Friendly Name: 16976c96-0697-482f-bcc1-98d0bc00538f). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3032 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2128 | 3976 | hv-cinder-79617 | S-1-5-83-1-3503146005-1086596403-2507940259-4240029368 | 10/31/2022 12:43:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D0CDC415-2533-40C4-A321-7C95B8B6B9FC--34E4B45B-AE34-4C7A-BDFA-BCD1234DCA09 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3031 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2128 | 3976 | hv-cinder-79617 | S-1-5-83-1-3503146005-1086596403-2507940259-4240029368 | 10/31/2022 12:43:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic E3A72AC5-9C8B-4A50-AD6F-7BAF1CD9A69F--31931DDE-9C64-41AD-B6D4-1EBF11A06A91 (Friendly Name: d5796cf1-d539-4378-86a3-39853a7c58f2). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3030 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3972 | 2736 | hv-cinder-79617 | S-1-5-83-1-3819383493-1246796939-2944102317-2678511900 | 10/31/2022 12:43:14 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC E3A72AC5-9C8B-4A50-AD6F-7BAF1CD9A69F--31931DDE-9C64-41AD-B6D4-1EBF11A06A91 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3029 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3972 | 2736 | hv-cinder-79617 | S-1-5-83-1-3819383493-1246796939-2944102317-2678511900 | 10/31/2022 12:43:14 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC E3A72AC5-9C8B-4A50-AD6F-7BAF1CD9A69F--31931DDE-9C64-41AD-B6D4-1EBF11A06A91 (Friendly Name: d5796cf1-d539-4378-86a3-39853a7c58f2) successfully connected to port 1187B062-58AD-424E-B40C-17FE4F7AC429 (Friendly Name: d5796cf1-d539-4378-86a3-39853a7c58f2) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3028 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3972 | 1180 | hv-cinder-79617 | S-1-5-83-1-3819383493-1246796939-2944102317-2678511900 | 10/31/2022 12:42:50 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic E3A72AC5-9C8B-4A50-AD6F-7BAF1CD9A69F--31931DDE-9C64-41AD-B6D4-1EBF11A06A91 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3027 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3972 | 1180 | hv-cinder-79617 | | 10/31/2022 12:42:50 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D0CDC415-2533-40C4-A321-7C95B8B6B9FC--34E4B45B-AE34-4C7A-BDFA-BCD1234DCA09 (Friendly Name: 16976c96-0697-482f-bcc1-98d0bc00538f) successfully connected to port 78FFF9A9-1EDC-452C-9B9C-965F653E535C (Friendly Name: 16976c96-0697-482f-bcc1-98d0bc00538f) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3026 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2128 | 3976 | hv-cinder-79617 | S-1-5-83-1-3503146005-1086596403-2507940259-4240029368 | 10/31/2022 12:42:35 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic D0CDC415-2533-40C4-A321-7C95B8B6B9FC--34E4B45B-AE34-4C7A-BDFA-BCD1234DCA09 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3025 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2128 | 3976 | hv-cinder-79617 | | 10/31/2022 12:42:35 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 2E0074F4-33E1-41C6-BCE2-41EE34CF6E1D--A7F41A98-AC5D-4A0C-9AA8-0B92F39D4686 (Friendly Name: fd19230e-a933-459a-a46a-ee58aa368072). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3024 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4832 | 2944 | hv-cinder-79617 | S-1-5-83-1-771781876-1103508449-3997295292-493801268 | 10/31/2022 12:42:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 2E0074F4-33E1-41C6-BCE2-41EE34CF6E1D--A7F41A98-AC5D-4A0C-9AA8-0B92F39D4686 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3023 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4832 | 2944 | hv-cinder-79617 | S-1-5-83-1-771781876-1103508449-3997295292-493801268 | 10/31/2022 12:42:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC DE02CC59-7A96-40A0-AF76-DCA72A4CC2BD--C15A7628-07F3-41D2-A6AD-A83F9574FAB2 (Friendly Name: bf3768f3-740b-45b9-92a5-0798ffcfacc8) successfully connected to port 1BCFDA4B-392B-4942-B6C7-9541238A5E6F (Friendly Name: bf3768f3-740b-45b9-92a5-0798ffcfacc8) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3022 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4928 | 360 | hv-cinder-79617 | S-1-5-83-1-3724725337-1084258966-2816243375-3183627306 | 10/31/2022 12:41:48 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic DE02CC59-7A96-40A0-AF76-DCA72A4CC2BD--C15A7628-07F3-41D2-A6AD-A83F9574FAB2 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3021 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4928 | 360 | hv-cinder-79617 | | 10/31/2022 12:41:48 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 2E0074F4-33E1-41C6-BCE2-41EE34CF6E1D--A7F41A98-AC5D-4A0C-9AA8-0B92F39D4686 (Friendly Name: fd19230e-a933-459a-a46a-ee58aa368072) successfully connected to port EBEA7284-850A-4D4D-816C-F12AB26678CC (Friendly Name: fd19230e-a933-459a-a46a-ee58aa368072) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3020 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4832 | 2944 | hv-cinder-79617 | S-1-5-83-1-771781876-1103508449-3997295292-493801268 | 10/31/2022 12:41:42 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 2E0074F4-33E1-41C6-BCE2-41EE34CF6E1D--A7F41A98-AC5D-4A0C-9AA8-0B92F39D4686 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3019 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4832 | 2944 | hv-cinder-79617 | | 10/31/2022 12:41:42 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Network Setup Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3018 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4084 | hv-cinder-79617 | | 10/31/2022 12:41:39 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Portable Device Enumerator Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3017 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4084 | hv-cinder-79617 | | 10/31/2022 12:41:37 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Network Setup Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3016 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4804 | hv-cinder-79617 | | 10/31/2022 12:41:23 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Portable Device Enumerator Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3015 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4804 | hv-cinder-79617 | | 10/31/2022 12:41:20 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Modules Installer service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3014 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4804 | hv-cinder-79617 | | 10/31/2022 12:41:18 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Device Setup Manager service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3013 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4804 | hv-cinder-79617 | | 10/31/2022 12:41:14 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic C6F67D0B-6A2C-4B03-A69F-FBD33FBD80A5--526EC472-9157-49CC-BF33-132C0AC19480 (Friendly Name: 360a1655-b233-4d4d-a557-dc89ddf2b18e). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3012 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3348 | 2916 | hv-cinder-79617 | S-1-5-83-1-3338042635-1258514988-3556482982-2776677695 | 10/31/2022 12:40:11 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC C6F67D0B-6A2C-4B03-A69F-FBD33FBD80A5--526EC472-9157-49CC-BF33-132C0AC19480 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3011 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3348 | 2916 | hv-cinder-79617 | S-1-5-83-1-3338042635-1258514988-3556482982-2776677695 | 10/31/2022 12:40:11 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Diagnostic System Host service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 3010 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4804 | hv-cinder-79617 | | 10/31/2022 12:40:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 82790DEF-C7D7-4521-9C01-44ACBA95F55A--ABA103B3-1B4B-4334-A88D-836E59B39E17 (Friendly Name: 7b6ab379-5ce7-4b17-b091-dac7cbe3cfd0). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3009 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4228 | 360 | hv-cinder-79617 | S-1-5-83-1-2188971503-1159841751-2890138012-1526044090 | 10/31/2022 12:39:37 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 82790DEF-C7D7-4521-9C01-44ACBA95F55A--ABA103B3-1B4B-4334-A88D-836E59B39E17 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3008 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4228 | 360 | hv-cinder-79617 | S-1-5-83-1-2188971503-1159841751-2890138012-1526044090 | 10/31/2022 12:39:37 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic A10C9C35-5191-4862-A613-0981500335A8--CF8BD6E2-415C-4FEA-966A-14B684874268 (Friendly Name: 165b6d01-75c7-4d1f-9584-92ce0f4b1ea8). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3007 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1476 | 5116 | hv-cinder-79617 | S-1-5-83-1-2701958197-1214402961-2164855718-2822046544 | 10/31/2022 12:39:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC A10C9C35-5191-4862-A613-0981500335A8--CF8BD6E2-415C-4FEA-966A-14B684874268 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3006 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1476 | 5116 | hv-cinder-79617 | S-1-5-83-1-2701958197-1214402961-2164855718-2822046544 | 10/31/2022 12:39:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 06966FC9-2045-436C-8FB8-49AB46D92BB8--7D7DBF01-4FE0-4418-A84D-26988AF736DD (Friendly Name: 49446827-3823-4653-b9b1-9419ae249ec6). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3005 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4272 | 3244 | hv-cinder-79617 | S-1-5-83-1-110522313-1131159621-2873735311-3089881414 | 10/31/2022 12:39:33 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 06966FC9-2045-436C-8FB8-49AB46D92BB8--7D7DBF01-4FE0-4418-A84D-26988AF736DD successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3004 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4272 | 3244 | hv-cinder-79617 | S-1-5-83-1-110522313-1131159621-2873735311-3089881414 | 10/31/2022 12:39:33 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC A10C9C35-5191-4862-A613-0981500335A8--CF8BD6E2-415C-4FEA-966A-14B684874268 (Friendly Name: 165b6d01-75c7-4d1f-9584-92ce0f4b1ea8) successfully connected to port 2582BC4C-E290-489E-8C35-8341E13041D7 (Friendly Name: 165b6d01-75c7-4d1f-9584-92ce0f4b1ea8) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3003 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1476 | 5116 | hv-cinder-79617 | S-1-5-83-1-2701958197-1214402961-2164855718-2822046544 | 10/31/2022 12:39:32 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic A10C9C35-5191-4862-A613-0981500335A8--CF8BD6E2-415C-4FEA-966A-14B684874268 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3002 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1476 | 5116 | hv-cinder-79617 | | 10/31/2022 12:39:32 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC C6F67D0B-6A2C-4B03-A69F-FBD33FBD80A5--526EC472-9157-49CC-BF33-132C0AC19480 (Friendly Name: 360a1655-b233-4d4d-a557-dc89ddf2b18e) successfully connected to port 7919F58E-2915-4F52-9BA7-DB72292AAE01 (Friendly Name: 360a1655-b233-4d4d-a557-dc89ddf2b18e) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3001 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3348 | 2916 | hv-cinder-79617 | S-1-5-83-1-3338042635-1258514988-3556482982-2776677695 | 10/31/2022 12:39:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic C6F67D0B-6A2C-4B03-A69F-FBD33FBD80A5--526EC472-9157-49CC-BF33-132C0AC19480 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3000 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3348 | 2916 | hv-cinder-79617 | | 10/31/2022 12:39:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic FF59AE65-F43F-45C5-97B0-932B112F42B7--2DBD32E6-1AFE-4D8B-A923-20D8786FEC52 (Friendly Name: c444a742-6430-4bab-91f7-bff045443454). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2999 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3300 | 3720 | hv-cinder-79617 | S-1-5-83-1-4284067429-1170601023-731099287-3074567953 | 10/31/2022 12:39:26 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC FF59AE65-F43F-45C5-97B0-932B112F42B7--2DBD32E6-1AFE-4D8B-A923-20D8786FEC52 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2998 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3300 | 3720 | hv-cinder-79617 | S-1-5-83-1-4284067429-1170601023-731099287-3074567953 | 10/31/2022 12:39:26 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 908C7B93-8A71-4BCB-B85F-00F5DB269C47--80069B94-A38E-46DC-B697-5D014C5C4E85 (Friendly Name: a1f478e3-0037-482b-9f12-361410fca1f5) successfully connected to port 67C5B0A6-2DD9-4DF5-AFC9-23BC20FFF3B6 (Friendly Name: a1f478e3-0037-482b-9f12-361410fca1f5) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2997 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 5104 | 1176 | hv-cinder-79617 | S-1-5-83-1-2425125779-1271630449-4110442424-1201415899 | 10/31/2022 12:39:24 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 908C7B93-8A71-4BCB-B85F-00F5DB269C47--80069B94-A38E-46DC-B697-5D014C5C4E85 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2996 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 5104 | 1176 | hv-cinder-79617 | | 10/31/2022 12:39:24 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Modules Installer service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2995 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4084 | hv-cinder-79617 | | 10/31/2022 12:38:52 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic AEF5454C-B792-4AFA-B442-5843893E73DC--B295844A-612D-475D-A00B-CD5A27E26FF2 (Friendly Name: 76712093-6a65-4766-8171-79fff21ef102). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2994 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2024 | 3644 | hv-cinder-79617 | S-1-5-83-1-2935309644-1257944978-1129857716-3698540169 | 10/31/2022 12:38:52 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC AEF5454C-B792-4AFA-B442-5843893E73DC--B295844A-612D-475D-A00B-CD5A27E26FF2 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2993 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2024 | 3644 | hv-cinder-79617 | S-1-5-83-1-2935309644-1257944978-1129857716-3698540169 | 10/31/2022 12:38:52 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 450E5F0E-4174-4CE6-9B52-B054022D6079--7A279A6A-FC22-4BC1-A730-C85A72D4EA85 (Friendly Name: 360a1655-b233-4d4d-a557-dc89ddf2b18e). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2992 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1712 | 1108 | hv-cinder-79617 | S-1-5-83-1-1158569742-1290158452-1420841627-2036346114 | 10/31/2022 12:38:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 450E5F0E-4174-4CE6-9B52-B054022D6079--7A279A6A-FC22-4BC1-A730-C85A72D4EA85 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2991 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1712 | 1108 | hv-cinder-79617 | S-1-5-83-1-1158569742-1290158452-1420841627-2036346114 | 10/31/2022 12:38:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 06966FC9-2045-436C-8FB8-49AB46D92BB8--7D7DBF01-4FE0-4418-A84D-26988AF736DD (Friendly Name: 49446827-3823-4653-b9b1-9419ae249ec6) successfully connected to port 04527B10-6578-4F8F-B3B3-7835C1F07C54 (Friendly Name: 49446827-3823-4653-b9b1-9419ae249ec6) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2990 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4272 | 4468 | hv-cinder-79617 | S-1-5-83-1-110522313-1131159621-2873735311-3089881414 | 10/31/2022 12:38:31 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 06966FC9-2045-436C-8FB8-49AB46D92BB8--7D7DBF01-4FE0-4418-A84D-26988AF736DD (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2989 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4272 | 4468 | hv-cinder-79617 | | 10/31/2022 12:38:31 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 (Friendly Name: a33f2616-bbbf-49fa-87ab-2b1769bc0111). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2988 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4496 | 5116 | hv-cinder-79617 | S-1-5-83-1-3643366294-1326274716-1765950346-2023911020 | 10/31/2022 12:38:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2987 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4496 | 5116 | hv-cinder-79617 | S-1-5-83-1-3643366294-1326274716-1765950346-2023911020 | 10/31/2022 12:38:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 9DE6BE67-79DD-4788-990F-2EEAB55FD01E--C878BF9E-94E8-4687-966A-1C0D69F55E0E (Friendly Name: 81273f70-32ad-4271-bbb8-913808f06f34). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2986 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4260 | 4580 | hv-cinder-79617 | S-1-5-83-1-2649144935-1200126429-3928887193-516972469 | 10/31/2022 12:38:12 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 9DE6BE67-79DD-4788-990F-2EEAB55FD01E--C878BF9E-94E8-4687-966A-1C0D69F55E0E successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2985 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4260 | 4580 | hv-cinder-79617 | S-1-5-83-1-2649144935-1200126429-3928887193-516972469 | 10/31/2022 12:38:12 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic F9EB7AA5-519A-4885-88A3-4AE317A9235A--B727FD80-2E2E-4C3A-B7F3-18EB6CC2D5A4 (Friendly Name: 8ae8e564-b3aa-4e58-8d16-d182b80edabc). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2984 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 888 | 4248 | hv-cinder-79617 | S-1-5-83-1-4192959141-1216696730-3813319560-1512286487 | 10/31/2022 12:38:09 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC F9EB7AA5-519A-4885-88A3-4AE317A9235A--B727FD80-2E2E-4C3A-B7F3-18EB6CC2D5A4 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2983 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 888 | 4248 | hv-cinder-79617 | S-1-5-83-1-4192959141-1216696730-3813319560-1512286487 | 10/31/2022 12:38:09 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 82790DEF-C7D7-4521-9C01-44ACBA95F55A--ABA103B3-1B4B-4334-A88D-836E59B39E17 (Friendly Name: 7b6ab379-5ce7-4b17-b091-dac7cbe3cfd0) successfully connected to port 0EE69211-9B89-43B2-9CB7-2C826355F4A0 (Friendly Name: 7b6ab379-5ce7-4b17-b091-dac7cbe3cfd0) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2982 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4228 | 1460 | hv-cinder-79617 | S-1-5-83-1-2188971503-1159841751-2890138012-1526044090 | 10/31/2022 12:38:02 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 82790DEF-C7D7-4521-9C01-44ACBA95F55A--ABA103B3-1B4B-4334-A88D-836E59B39E17 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2981 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4228 | 1460 | hv-cinder-79617 | | 10/31/2022 12:38:02 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC FF59AE65-F43F-45C5-97B0-932B112F42B7--2DBD32E6-1AFE-4D8B-A923-20D8786FEC52 (Friendly Name: c444a742-6430-4bab-91f7-bff045443454) successfully connected to port 3452CB48-B960-4C86-823E-69DDEC1C2C05 (Friendly Name: c444a742-6430-4bab-91f7-bff045443454) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2980 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3300 | 3720 | hv-cinder-79617 | S-1-5-83-1-4284067429-1170601023-731099287-3074567953 | 10/31/2022 12:38:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic FF59AE65-F43F-45C5-97B0-932B112F42B7--2DBD32E6-1AFE-4D8B-A923-20D8786FEC52 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2979 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3300 | 3720 | hv-cinder-79617 | | 10/31/2022 12:38:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D (Friendly Name: 7591dba3-56f4-4739-8b1f-33a42a9073b1). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2978 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4788 | 1272 | hv-cinder-79617 | S-1-5-83-1-4062740509-1228841520-2916479131-2672202359 | 10/31/2022 12:37:59 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2977 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4788 | 1272 | hv-cinder-79617 | S-1-5-83-1-4062740509-1228841520-2916479131-2672202359 | 10/31/2022 12:37:59 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B (Friendly Name: f9ca4955-7ad3-407e-b90d-7bad757cb1d8). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2976 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4740 | 3108 | hv-cinder-79617 | S-1-5-83-1-1671179739-1096545831-1251470484-2864470618 | 10/31/2022 12:37:44 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2975 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4740 | 3108 | hv-cinder-79617 | S-1-5-83-1-1671179739-1096545831-1251470484-2864470618 | 10/31/2022 12:37:44 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 450E5F0E-4174-4CE6-9B52-B054022D6079--7A279A6A-FC22-4BC1-A730-C85A72D4EA85 (Friendly Name: 360a1655-b233-4d4d-a557-dc89ddf2b18e) successfully connected to port 90E2DDB0-FABD-46DC-8C8A-BC2CC6A8108A (Friendly Name: 360a1655-b233-4d4d-a557-dc89ddf2b18e) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2974 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1712 | 1108 | hv-cinder-79617 | S-1-5-83-1-1158569742-1290158452-1420841627-2036346114 | 10/31/2022 12:37:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 450E5F0E-4174-4CE6-9B52-B054022D6079--7A279A6A-FC22-4BC1-A730-C85A72D4EA85 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2973 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1712 | 1108 | hv-cinder-79617 | | 10/31/2022 12:37:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Device Setup Manager service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2972 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 2952 | hv-cinder-79617 | | 10/31/2022 12:37:37 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 6A225375-AB43-42CE-942D-A1F842A2E9F9--78935596-9222-4557-B8BA-F7A37F97C4B3 (Friendly Name: c444a742-6430-4bab-91f7-bff045443454). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2971 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3964 | 3660 | hv-cinder-79617 | S-1-5-83-1-1780634485-1120840515-4171312532-4192838210 | 10/31/2022 12:37:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 6A225375-AB43-42CE-942D-A1F842A2E9F9--78935596-9222-4557-B8BA-F7A37F97C4B3 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2970 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3964 | 3660 | hv-cinder-79617 | S-1-5-83-1-1780634485-1120840515-4171312532-4192838210 | 10/31/2022 12:37:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 96CB1797-63FB-4B76-AF55-09AEEC68C326--CE2A5808-6EA0-4E7C-81E8-6135655AACAB (Friendly Name: dffec82d-007b-4838-9898-19da61885395). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2969 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1284 | 3916 | hv-cinder-79617 | S-1-5-83-1-2529892247-1266050043-2919847343-650340588 | 10/31/2022 12:37:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 96CB1797-63FB-4B76-AF55-09AEEC68C326--CE2A5808-6EA0-4E7C-81E8-6135655AACAB successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2968 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1284 | 3916 | hv-cinder-79617 | S-1-5-83-1-2529892247-1266050043-2919847343-650340588 | 10/31/2022 12:37:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D (Friendly Name: 7591dba3-56f4-4739-8b1f-33a42a9073b1) successfully connected to port BA7D9F04-17CF-4549-9D03-BEBCCC3AB333 (Friendly Name: 7591dba3-56f4-4739-8b1f-33a42a9073b1) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2967 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4788 | 1272 | hv-cinder-79617 | S-1-5-83-1-4062740509-1228841520-2916479131-2672202359 | 10/31/2022 12:37:13 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2966 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4788 | 1272 | hv-cinder-79617 | | 10/31/2022 12:37:13 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D (Friendly Name: 7591dba3-56f4-4739-8b1f-33a42a9073b1). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2965 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 940 | 1104 | hv-cinder-79617 | S-1-5-83-1-4062740509-1228841520-2916479131-2672202359 | 10/31/2022 12:37:11 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2964 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 940 | 1104 | hv-cinder-79617 | S-1-5-83-1-4062740509-1228841520-2916479131-2672202359 | 10/31/2022 12:37:11 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 9DE6BE67-79DD-4788-990F-2EEAB55FD01E--C878BF9E-94E8-4687-966A-1C0D69F55E0E (Friendly Name: 81273f70-32ad-4271-bbb8-913808f06f34) successfully connected to port E160F206-EFEA-4E47-B44C-68C93488E230 (Friendly Name: 81273f70-32ad-4271-bbb8-913808f06f34) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2963 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4260 | 5032 | hv-cinder-79617 | S-1-5-83-1-2649144935-1200126429-3928887193-516972469 | 10/31/2022 12:37:09 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 9DE6BE67-79DD-4788-990F-2EEAB55FD01E--C878BF9E-94E8-4687-966A-1C0D69F55E0E (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2962 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4260 | 5032 | hv-cinder-79617 | | 10/31/2022 12:37:09 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D (Friendly Name: 7591dba3-56f4-4739-8b1f-33a42a9073b1) successfully connected to port BA7D9F04-17CF-4549-9D03-BEBCCC3AB333 (Friendly Name: 7591dba3-56f4-4739-8b1f-33a42a9073b1) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2961 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 940 | 4852 | hv-cinder-79617 | S-1-5-83-1-4062740509-1228841520-2916479131-2672202359 | 10/31/2022 12:37:09 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2960 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 940 | 4852 | hv-cinder-79617 | | 10/31/2022 12:37:09 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D (Friendly Name: 7591dba3-56f4-4739-8b1f-33a42a9073b1). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2959 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2080 | 1964 | hv-cinder-79617 | S-1-5-83-1-4062740509-1228841520-2916479131-2672202359 | 10/31/2022 12:37:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2958 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2080 | 1964 | hv-cinder-79617 | S-1-5-83-1-4062740509-1228841520-2916479131-2672202359 | 10/31/2022 12:37:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 0993276B-F934-4153-A424-1F63303DEC28--0114B283-8B14-4B2A-96EE-DFC085C04098 (Friendly Name: ffe46aaf-72a4-4c15-9506-ca33161dddf3). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2957 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1616 | 4444 | hv-cinder-79617 | S-1-5-83-1-160638827-1096022324-1662985380-686570800 | 10/31/2022 12:36:53 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 0993276B-F934-4153-A424-1F63303DEC28--0114B283-8B14-4B2A-96EE-DFC085C04098 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2956 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1616 | 4444 | hv-cinder-79617 | S-1-5-83-1-160638827-1096022324-1662985380-686570800 | 10/31/2022 12:36:53 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC AEF5454C-B792-4AFA-B442-5843893E73DC--B295844A-612D-475D-A00B-CD5A27E26FF2 (Friendly Name: 76712093-6a65-4766-8171-79fff21ef102) successfully connected to port 445D1CB1-6D97-47AE-ADA4-C30627870FBE (Friendly Name: 76712093-6a65-4766-8171-79fff21ef102) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2955 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2024 | 3872 | hv-cinder-79617 | S-1-5-83-1-2935309644-1257944978-1129857716-3698540169 | 10/31/2022 12:36:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 7AF2DF28-099B-4C6E-842B-63CE5CA3767F--4AE925CC-31FB-4DB0-B160-D5EB419AE2DC (Friendly Name: 2bcb3176-596a-4211-910f-3e00167f2763). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2954 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4184 | 4484 | hv-cinder-79617 | S-1-5-83-1-2062737192-1282279835-3462605700-2138481500 | 10/31/2022 12:36:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 7AF2DF28-099B-4C6E-842B-63CE5CA3767F--4AE925CC-31FB-4DB0-B160-D5EB419AE2DC successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2953 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4184 | 4484 | hv-cinder-79617 | S-1-5-83-1-2062737192-1282279835-3462605700-2138481500 | 10/31/2022 12:36:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic AEF5454C-B792-4AFA-B442-5843893E73DC--B295844A-612D-475D-A00B-CD5A27E26FF2 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2952 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2024 | 3872 | hv-cinder-79617 | | 10/31/2022 12:36:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B (Friendly Name: f9ca4955-7ad3-407e-b90d-7bad757cb1d8) successfully connected to port 4945CF27-0C5D-4F59-A026-038EF92F6E10 (Friendly Name: f9ca4955-7ad3-407e-b90d-7bad757cb1d8) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2951 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4740 | 3000 | hv-cinder-79617 | S-1-5-83-1-1671179739-1096545831-1251470484-2864470618 | 10/31/2022 12:36:38 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2950 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4740 | 3000 | hv-cinder-79617 | | 10/31/2022 12:36:38 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 96CB1797-63FB-4B76-AF55-09AEEC68C326--CE2A5808-6EA0-4E7C-81E8-6135655AACAB (Friendly Name: dffec82d-007b-4838-9898-19da61885395) successfully connected to port 79FF9022-5333-4109-8020-EF8718306D57 (Friendly Name: dffec82d-007b-4838-9898-19da61885395) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2949 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1284 | 212 | hv-cinder-79617 | S-1-5-83-1-2529892247-1266050043-2919847343-650340588 | 10/31/2022 12:36:35 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 96CB1797-63FB-4B76-AF55-09AEEC68C326--CE2A5808-6EA0-4E7C-81E8-6135655AACAB (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2948 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1284 | 212 | hv-cinder-79617 | | 10/31/2022 12:36:35 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B (Friendly Name: f9ca4955-7ad3-407e-b90d-7bad757cb1d8). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2947 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3952 | 4512 | hv-cinder-79617 | S-1-5-83-1-1671179739-1096545831-1251470484-2864470618 | 10/31/2022 12:36:34 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2946 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3952 | 4512 | hv-cinder-79617 | S-1-5-83-1-1671179739-1096545831-1251470484-2864470618 | 10/31/2022 12:36:34 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D (Friendly Name: 7591dba3-56f4-4739-8b1f-33a42a9073b1) successfully connected to port BA7D9F04-17CF-4549-9D03-BEBCCC3AB333 (Friendly Name: 7591dba3-56f4-4739-8b1f-33a42a9073b1) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2945 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2080 | 1908 | hv-cinder-79617 | S-1-5-83-1-4062740509-1228841520-2916479131-2672202359 | 10/31/2022 12:35:51 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic F228801D-A230-493E-9BF0-D5AD7792469F--B4EFFB17-B612-4246-B209-2B46080AA75D (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2944 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2080 | 1908 | hv-cinder-79617 | | 10/31/2022 12:35:51 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 7AF2DF28-099B-4C6E-842B-63CE5CA3767F--4AE925CC-31FB-4DB0-B160-D5EB419AE2DC (Friendly Name: 2bcb3176-596a-4211-910f-3e00167f2763) successfully connected to port 10B4A7C1-878B-417E-9847-AFBD4E961EDD (Friendly Name: 2bcb3176-596a-4211-910f-3e00167f2763) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2943 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4184 | 4004 | hv-cinder-79617 | S-1-5-83-1-2062737192-1282279835-3462605700-2138481500 | 10/31/2022 12:35:47 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 7AF2DF28-099B-4C6E-842B-63CE5CA3767F--4AE925CC-31FB-4DB0-B160-D5EB419AE2DC (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2942 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4184 | 4004 | hv-cinder-79617 | | 10/31/2022 12:35:47 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 32A3088D-06C0-4FAD-BA76-118AED350759--9ACA9DD5-4B1B-4328-847F-6E194697AE48 (Friendly Name: dffec82d-007b-4838-9898-19da61885395). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2941 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4740 | 2944 | hv-cinder-79617 | S-1-5-83-1-849545357-1336739520-2316400314-1493644781 | 10/31/2022 12:35:39 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 32A3088D-06C0-4FAD-BA76-118AED350759--9ACA9DD5-4B1B-4328-847F-6E194697AE48 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2940 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4740 | 2944 | hv-cinder-79617 | S-1-5-83-1-849545357-1336739520-2316400314-1493644781 | 10/31/2022 12:35:39 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B (Friendly Name: f9ca4955-7ad3-407e-b90d-7bad757cb1d8) successfully connected to port 4945CF27-0C5D-4F59-A026-038EF92F6E10 (Friendly Name: f9ca4955-7ad3-407e-b90d-7bad757cb1d8) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2939 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3952 | 4512 | hv-cinder-79617 | S-1-5-83-1-1671179739-1096545831-1251470484-2864470618 | 10/31/2022 12:35:31 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2938 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3952 | 4512 | hv-cinder-79617 | | 10/31/2022 12:35:31 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 (Friendly Name: a33f2616-bbbf-49fa-87ab-2b1769bc0111) successfully connected to port 4FC3F616-0324-4661-99B7-9A342E86EAAF (Friendly Name: a33f2616-bbbf-49fa-87ab-2b1769bc0111) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2937 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4496 | 4000 | hv-cinder-79617 | S-1-5-83-1-3643366294-1326274716-1765950346-2023911020 | 10/31/2022 12:35:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2936 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4496 | 4000 | hv-cinder-79617 | | 10/31/2022 12:35:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 (Friendly Name: a33f2616-bbbf-49fa-87ab-2b1769bc0111). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2935 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4920 | 3188 | hv-cinder-79617 | S-1-5-83-1-3643366294-1326274716-1765950346-2023911020 | 10/31/2022 12:35:21 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2934 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4920 | 3188 | hv-cinder-79617 | S-1-5-83-1-3643366294-1326274716-1765950346-2023911020 | 10/31/2022 12:35:21 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B (Friendly Name: f9ca4955-7ad3-407e-b90d-7bad757cb1d8). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2933 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1104 | 3656 | hv-cinder-79617 | S-1-5-83-1-1671179739-1096545831-1251470484-2864470618 | 10/31/2022 12:35:19 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2932 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1104 | 3656 | hv-cinder-79617 | S-1-5-83-1-1671179739-1096545831-1251470484-2864470618 | 10/31/2022 12:35:19 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 (Friendly Name: a33f2616-bbbf-49fa-87ab-2b1769bc0111) successfully connected to port 4FC3F616-0324-4661-99B7-9A342E86EAAF (Friendly Name: a33f2616-bbbf-49fa-87ab-2b1769bc0111) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2931 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4920 | 4892 | hv-cinder-79617 | S-1-5-83-1-3643366294-1326274716-1765950346-2023911020 | 10/31/2022 12:35:19 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2930 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4920 | 4892 | hv-cinder-79617 | | 10/31/2022 12:35:19 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 6A225375-AB43-42CE-942D-A1F842A2E9F9--78935596-9222-4557-B8BA-F7A37F97C4B3 (Friendly Name: c444a742-6430-4bab-91f7-bff045443454) successfully connected to port 233C8348-EFA8-4F41-9614-4394D25658C9 (Friendly Name: c444a742-6430-4bab-91f7-bff045443454) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2929 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3964 | 4840 | hv-cinder-79617 | S-1-5-83-1-1780634485-1120840515-4171312532-4192838210 | 10/31/2022 12:35:04 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 6A225375-AB43-42CE-942D-A1F842A2E9F9--78935596-9222-4557-B8BA-F7A37F97C4B3 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2928 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3964 | 4840 | hv-cinder-79617 | | 10/31/2022 12:35:04 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 (Friendly Name: a33f2616-bbbf-49fa-87ab-2b1769bc0111). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2927 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2088 | 4704 | hv-cinder-79617 | S-1-5-83-1-3643366294-1326274716-1765950346-2023911020 | 10/31/2022 12:35:02 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2926 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2088 | 4704 | hv-cinder-79617 | S-1-5-83-1-3643366294-1326274716-1765950346-2023911020 | 10/31/2022 12:35:02 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC F9EB7AA5-519A-4885-88A3-4AE317A9235A--B727FD80-2E2E-4C3A-B7F3-18EB6CC2D5A4 (Friendly Name: 8ae8e564-b3aa-4e58-8d16-d182b80edabc) successfully connected to port 66F9D88D-5683-4117-85FE-308961343C8E (Friendly Name: 8ae8e564-b3aa-4e58-8d16-d182b80edabc) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2925 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 888 | 4864 | hv-cinder-79617 | S-1-5-83-1-4192959141-1216696730-3813319560-1512286487 | 10/31/2022 12:34:43 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic F9EB7AA5-519A-4885-88A3-4AE317A9235A--B727FD80-2E2E-4C3A-B7F3-18EB6CC2D5A4 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2924 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 888 | 4864 | hv-cinder-79617 | | 10/31/2022 12:34:43 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic D46DC647-B05D-4487-B90E-EB29536CEBC3--4A5E5A13-8F4E-4AD8-ACC8-1B52A338F435 (Friendly Name: c7e97cf1-bc67-4517-9260-8c9de5713308). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2923 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3544 | 4036 | hv-cinder-79617 | S-1-5-83-1-3563963975-1149743197-703270585-3286985811 | 10/31/2022 12:34:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D46DC647-B05D-4487-B90E-EB29536CEBC3--4A5E5A13-8F4E-4AD8-ACC8-1B52A338F435 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2922 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3544 | 4036 | hv-cinder-79617 | S-1-5-83-1-3563963975-1149743197-703270585-3286985811 | 10/31/2022 12:34:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D46DC647-B05D-4487-B90E-EB29536CEBC3--4A5E5A13-8F4E-4AD8-ACC8-1B52A338F435 (Friendly Name: c7e97cf1-bc67-4517-9260-8c9de5713308) successfully connected to port 4DBF4614-967B-45B8-BC45-C1B2118C6296 (Friendly Name: c7e97cf1-bc67-4517-9260-8c9de5713308) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2921 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3544 | 812 | hv-cinder-79617 | S-1-5-83-1-3563963975-1149743197-703270585-3286985811 | 10/31/2022 12:34:37 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic D46DC647-B05D-4487-B90E-EB29536CEBC3--4A5E5A13-8F4E-4AD8-ACC8-1B52A338F435 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2920 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3544 | 812 | hv-cinder-79617 | | 10/31/2022 12:34:37 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic F9EB7AA5-519A-4885-88A3-4AE317A9235A--B727FD80-2E2E-4C3A-B7F3-18EB6CC2D5A4 (Friendly Name: 8ae8e564-b3aa-4e58-8d16-d182b80edabc). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2919 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3504 | 1236 | hv-cinder-79617 | S-1-5-83-1-4192959141-1216696730-3813319560-1512286487 | 10/31/2022 12:34:34 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC F9EB7AA5-519A-4885-88A3-4AE317A9235A--B727FD80-2E2E-4C3A-B7F3-18EB6CC2D5A4 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2918 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3504 | 1236 | hv-cinder-79617 | S-1-5-83-1-4192959141-1216696730-3813319560-1512286487 | 10/31/2022 12:34:34 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 834BF005-16DA-4AA9-9274-387B4BEE6973--98242876-B5A6-4402-9795-37378AFF4033 (Friendly Name: ce23525c-19f9-4b3b-bdc6-f5c09ca3e19c). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2917 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4456 | 4264 | hv-cinder-79617 | S-1-5-83-1-2202791941-1252595418-2067297426-1936322123 | 10/31/2022 12:34:23 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 834BF005-16DA-4AA9-9274-387B4BEE6973--98242876-B5A6-4402-9795-37378AFF4033 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2916 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4456 | 4264 | hv-cinder-79617 | S-1-5-83-1-2202791941-1252595418-2067297426-1936322123 | 10/31/2022 12:34:23 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 834BF005-16DA-4AA9-9274-387B4BEE6973--98242876-B5A6-4402-9795-37378AFF4033 (Friendly Name: ce23525c-19f9-4b3b-bdc6-f5c09ca3e19c) successfully connected to port 062CD836-4456-45B4-99D5-016E2EBCC764 (Friendly Name: ce23525c-19f9-4b3b-bdc6-f5c09ca3e19c) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2915 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4456 | 4264 | hv-cinder-79617 | S-1-5-83-1-2202791941-1252595418-2067297426-1936322123 | 10/31/2022 12:34:18 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 834BF005-16DA-4AA9-9274-387B4BEE6973--98242876-B5A6-4402-9795-37378AFF4033 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2914 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4456 | 4264 | hv-cinder-79617 | | 10/31/2022 12:34:18 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Delete' succeeded on nic 780C5A1B-099B-40F4-80EA-A894F633C5B2--EBDBCB31-36EB-49AC-9FC0-E196B910C8C9 (Friendly Name: 526d397e-43ed-4b15-84f5-0072c801c1b0). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2913 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 140 | 2616 | hv-cinder-79617 | S-1-5-83-1-2014075419-1089735067-2494098048-2999268342 | 10/31/2022 12:34:00 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 780C5A1B-099B-40F4-80EA-A894F633C5B2--EBDBCB31-36EB-49AC-9FC0-E196B910C8C9 successfully disconnected from port . | 234 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2912 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 140 | 2616 | hv-cinder-79617 | S-1-5-83-1-2014075419-1089735067-2494098048-2999268342 | 10/31/2022 12:34:00 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 0993276B-F934-4153-A424-1F63303DEC28--0114B283-8B14-4B2A-96EE-DFC085C04098 (Friendly Name: ffe46aaf-72a4-4c15-9506-ca33161dddf3) successfully connected to port A927022A-5ED8-40D5-9B8B-F42DCBEF5643 (Friendly Name: ffe46aaf-72a4-4c15-9506-ca33161dddf3) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2911 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1616 | 1696 | hv-cinder-79617 | S-1-5-83-1-160638827-1096022324-1662985380-686570800 | 10/31/2022 12:33:59 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 0993276B-F934-4153-A424-1F63303DEC28--0114B283-8B14-4B2A-96EE-DFC085C04098 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2910 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1616 | 1696 | hv-cinder-79617 | | 10/31/2022 12:33:59 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Microsoft Storage Spaces SMP service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2909 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4804 | hv-cinder-79617 | | 10/31/2022 12:33:56 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Portable Device Enumerator Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2908 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | | 10/31/2022 12:33:55 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 32A3088D-06C0-4FAD-BA76-118AED350759--9ACA9DD5-4B1B-4328-847F-6E194697AE48 (Friendly Name: dffec82d-007b-4838-9898-19da61885395) successfully connected to port 9F25A363-462F-4B39-9FF8-C08B37DCF6DB (Friendly Name: dffec82d-007b-4838-9898-19da61885395) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2907 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4740 | 4296 | hv-cinder-79617 | S-1-5-83-1-849545357-1336739520-2316400314-1493644781 | 10/31/2022 12:33:55 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 32A3088D-06C0-4FAD-BA76-118AED350759--9ACA9DD5-4B1B-4328-847F-6E194697AE48 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2906 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4740 | 4296 | hv-cinder-79617 | | 10/31/2022 12:33:55 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC F9EB7AA5-519A-4885-88A3-4AE317A9235A--B727FD80-2E2E-4C3A-B7F3-18EB6CC2D5A4 (Friendly Name: 8ae8e564-b3aa-4e58-8d16-d182b80edabc) successfully connected to port 66F9D88D-5683-4117-85FE-308961343C8E (Friendly Name: 8ae8e564-b3aa-4e58-8d16-d182b80edabc) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2905 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3504 | 4840 | hv-cinder-79617 | S-1-5-83-1-4192959141-1216696730-3813319560-1512286487 | 10/31/2022 12:33:53 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic F9EB7AA5-519A-4885-88A3-4AE317A9235A--B727FD80-2E2E-4C3A-B7F3-18EB6CC2D5A4 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2904 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 3504 | 4840 | hv-cinder-79617 | | 10/31/2022 12:33:53 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B (Friendly Name: f9ca4955-7ad3-407e-b90d-7bad757cb1d8) successfully connected to port 4945CF27-0C5D-4F59-A026-038EF92F6E10 (Friendly Name: f9ca4955-7ad3-407e-b90d-7bad757cb1d8) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2903 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1104 | 3656 | hv-cinder-79617 | S-1-5-83-1-1671179739-1096545831-1251470484-2864470618 | 10/31/2022 12:33:50 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 639C2DDB-F627-415B-94EC-974A5A5ABCAA--B8A6E2CB-535E-467F-A1A3-11C82A9D420B (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2902 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 1104 | 3656 | hv-cinder-79617 | | 10/31/2022 12:33:50 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 (Friendly Name: a33f2616-bbbf-49fa-87ab-2b1769bc0111) successfully connected to port 4FC3F616-0324-4661-99B7-9A342E86EAAF (Friendly Name: a33f2616-bbbf-49fa-87ab-2b1769bc0111) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2901 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2088 | 1508 | hv-cinder-79617 | S-1-5-83-1-3643366294-1326274716-1765950346-2023911020 | 10/31/2022 12:33:50 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic D9295B96-589C-4F0D-8A43-42696C6EA278--2B137D47-E894-4654-A79D-771569E93C44 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2900 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2088 | 1508 | hv-cinder-79617 | | 10/31/2022 12:33:50 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 780C5A1B-099B-40F4-80EA-A894F633C5B2--EBDBCB31-36EB-49AC-9FC0-E196B910C8C9 (Friendly Name: 526d397e-43ed-4b15-84f5-0072c801c1b0) successfully connected to port 2FC76A07-B8BB-4BA8-8ED6-CA45669E7D6A (Friendly Name: 526d397e-43ed-4b15-84f5-0072c801c1b0) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2899 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 140 | 4140 | hv-cinder-79617 | S-1-5-83-1-2014075419-1089735067-2494098048-2999268342 | 10/31/2022 12:33:46 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 780C5A1B-099B-40F4-80EA-A894F633C5B2--EBDBCB31-36EB-49AC-9FC0-E196B910C8C9 (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2898 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 140 | 4140 | hv-cinder-79617 | | 10/31/2022 12:33:46 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Status 0x00001069 determining that device interface \\?\{8e7bd593-6e6c-4c52-86a6-77175494dd8e}#MsVhdHba#1&3030e83&0&01#{2accfe60-c130-11d2-b082-00a0c91efb8b} does not support iSCSI WMI interfaces. If this device is not an iSCSI HBA then this error can be ignored. | 108 | | 0 | 3 | 0 | | 36028797018963968 | 2897 | MSiSCSI | | System | | | hv-cinder-79617 | | 10/31/2022 12:33:16 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2896 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | | 10/31/2022 12:32:50 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Modules Installer service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2895 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | | 10/31/2022 12:32:46 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Update service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2894 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | | 10/31/2022 12:32:45 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Device Setup Manager service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2893 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | | 10/31/2022 12:32:45 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2892 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:47 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2891 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:45 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2890 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:42 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2889 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:39 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2888 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2887 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:34 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2886 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:31 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2885 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2884 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:25 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2883 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:22 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2882 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 4284 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:31:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Network Setup Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2881 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | | 10/31/2022 12:30:51 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The neutron-hyperv-agent service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2880 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | | 10/31/2022 12:30:41 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the neutron-hyperv-agent service was changed from demand start to auto start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2879 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:30:40 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The cinder-backup service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2878 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 12:30:38 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the cinder-backup service was changed from demand start to auto start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2877 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:30:38 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The cinder-volume service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2876 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4804 | hv-cinder-79617 | | 10/31/2022 12:30:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the cinder-volume service was changed from demand start to auto start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2875 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 4804 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:30:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The nova-compute service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2874 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | | 10/31/2022 12:30:33 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the nova-compute service was changed from demand start to auto start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2873 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:30:33 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2872 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:30:31 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2871 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:30:20 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2870 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:30:20 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Update service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2869 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:29:10 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2868 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:28:30 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2867 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:28:00 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Modules Installer service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2866 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:21:10 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2865 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:20:03 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Device Setup Manager service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2864 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:19:55 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available. | 121 | | 0 | 3 | 0 | | 36028797018963968 | 2863 | MSiSCSI | | System | | | hv-cinder-79617 | | 10/31/2022 12:19:05 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Microsoft iSCSI Initiator Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2862 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:19:03 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Modules Installer service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2861 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:19:02 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Update service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2860 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 3128 | hv-cinder-79617 | | 10/31/2022 12:19:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| If Digest support selected for iSCSI Session, Will use Processor support for Digest computation. | 67 | | 16384 | 4 | 0 | | 36028797018963968 | 2859 | iScsiPrt | | System | | | hv-cinder-79617 | | 10/31/2022 12:19:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Device Setup Manager service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2858 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:19:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the Microsoft iSCSI Initiator Service service was changed from demand start to auto start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2857 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:19:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2856 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:18:58 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2855 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:18:53 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2854 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:18:38 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2853 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:18:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2852 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:18:33 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2851 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:18:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2850 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:17:55 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2849 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:17:53 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2848 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:17:50 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2847 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:17:44 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2846 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 12:17:44 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2845 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:17:19 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2844 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:16:19 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2843 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:16:17 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2842 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:16:14 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2841 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:16:09 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2840 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:15:53 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2839 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:15:51 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2838 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:15:48 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2837 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:15:43 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2836 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:15:43 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2835 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:15:32 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2834 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:14:32 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2833 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:14:30 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2832 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:14:27 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2831 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:14:22 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2830 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:14:21 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2829 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:12:54 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2828 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:11:54 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2827 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:11:52 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2826 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:11:48 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2825 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:11:43 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Update service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2824 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:11:23 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2823 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:11:05 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2822 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:11:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2821 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:10:45 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2820 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:10:35 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2819 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1792 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:10:30 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2818 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:10:24 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2817 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:10:23 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Update Orchestrator Service for Windows Update service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2816 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:09:40 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Insider Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2815 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:09:40 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The AppX Deployment Service (AppXSVC) service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2814 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:09:03 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Insider Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2813 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:08:40 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Update Orchestrator Service for Windows Update service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2812 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:08:40 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Installer service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2811 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:08:31 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Remote Registry service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2810 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:08:00 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The App Readiness service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2809 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:07:58 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2808 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:07:02 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Client License Service (ClipSVC) service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2807 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:06:30 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2806 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:06:02 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2805 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:05:56 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2804 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:05:55 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2803 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:05:54 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2802 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 12:04:47 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Microsoft Account Sign-in Assistant service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2801 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 12:04:30 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The AppX Deployment Service (AppXSVC) service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2800 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 12:04:03 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2799 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:47 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2798 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:45 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2797 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:43 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2796 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:40 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2795 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:38 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2794 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:36 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2793 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:34 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2792 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:32 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2791 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:26 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2790 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:23 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2789 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:22 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Installer service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2788 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:03:21 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2787 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:17 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2786 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:03:16 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Modules Installer service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2785 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:03:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The AppX Deployment Service (AppXSVC) service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2784 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:02:59 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2783 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:02:32 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2782 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:02:28 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2781 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:02:26 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2780 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:02:21 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Network Setup Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2779 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:02:17 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Update Orchestrator Service for Windows Update service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2778 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:02:07 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2777 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:02:03 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Insider Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2776 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:02:02 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2775 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:02:02 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2774 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:01:58 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2773 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:01:55 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2772 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 996 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:01:54 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Device Setup Manager service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2771 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:01:46 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The dmwappushsvc service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2770 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:01:45 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2769 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-20 | 10/31/2022 12:01:30 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2768 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-20 | 10/31/2022 12:01:23 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Biometric Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2767 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:01:17 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Insider Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2766 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:01:00 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Update Orchestrator Service for Windows Update service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2765 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:00:59 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2764 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:59 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2763 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:56 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2762 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:55 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2761 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:53 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2760 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:50 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2759 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:48 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2758 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:47 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2757 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:42 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->40.119.148.38:123). | 37 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2756 | Microsoft-Windows-Time-Service | 06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb | System | 1444 | 1580 | hv-cinder-79617 | S-1-5-19 | 10/31/2022 12:00:26 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2755 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:24 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2754 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:21 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2753 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:19 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2752 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1608 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:18 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC /DEVICE/{71EB9022-65EA-471F-9757-7EF6C15F24EF} (Friendly Name: Microsoft Hyper-V Network Adapter #2) successfully connected to port A507CFFF-EA10-4857-B178-6AC2B1C060B5 (Friendly Name: br-data_External) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2751 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2572 | 2956 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC /DEVICE/{71EB9022-65EA-471F-9757-7EF6C15F24EF} (Friendly Name: Microsoft Hyper-V Network Adapter #2) is now operational. | 23 | 0 | | 4 | 1016 | 0 | -9223372036854775808 | 2750 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4 | 136 | hv-cinder-79617 | | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter #2' restarted | 11 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2749 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 136 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC /DEVICE/{71EB9022-65EA-471F-9757-7EF6C15F24EF} (Friendly Name: Microsoft Hyper-V Network Adapter #2) is no longer operational. | 24 | 0 | | 4 | 1017 | 0 | -9223372036854775808 | 2748 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4 | 136 | hv-cinder-79617 | | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Protocol NIC /DEVICE/{71EB9022-65EA-471F-9757-7EF6C15F24EF} (Friendly Name: Microsoft Hyper-V Network Adapter #2) successfully bound to port (Friendly Name: ) on switch (Friendly Name: ). | 17 | 0 | | 4 | 1012 | 0 | -9223372036854775808 | 2747 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4 | 136 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully updated NIC NDIS QoS with Miniport NIC /DEVICE/{71EB9022-65EA-471F-9757-7EF6C15F24EF} (Friendly Name: Microsoft Hyper-V Network Adapter #2) | 191 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2746 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4 | 136 | hv-cinder-79617 | | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic /DEVICE/{71EB9022-65EA-471F-9757-7EF6C15F24EF} (Friendly Name: ). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2745 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 4 | 136 | hv-cinder-79617 | | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The miniport 'Microsoft Hyper-V Network Adapter #2' was successfully initialized | 3 | 0 | | 4 | 1002 | 0 | -9223372036854775808 | 2744 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 228 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter #2' connected | 12 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2743 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 140 | 1400 | hv-cinder-79617 | | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:0" could not be registered on the interface with IP address 10.222.0.20. The computer with the IP address 10.222.0.26 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2742 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The VM and host networking components successfully negotiated protocol version '6.1' | 1 | 0 | | 4 | 1001 | 0 | -9223372036854775808 | 2741 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 228 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter #2' is halting | 6 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2740 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 136 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Isatap interface isatap.openstacklocal is no longer active. | 4201 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2739 | Microsoft-Windows-Iphlpsvc | 66a5c15c-4f8e-4044-bf6e-71d896038977 | System | 548 | 3000 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter #2' paused | 10 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2738 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 136 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:15 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20 (Friendly Name: br-data) successfully initialized. | 9 | 0 | | 4 | 1005 | 0 | -9223372036854775808 | 2737 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2572 | 1316 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:14 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NIC 46A22C84-A6BB-4FB0-AC26-0F678D711B20 (Friendly Name: br-data) successfully connected to port 46A22C84-A6BB-4FB0-AC26-0F678D711B20 (Friendly Name: br-data) on switch 46A22C84-A6BB-4FB0-AC26-0F678D711B20(Friendly Name: br-data). | 232 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2736 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2572 | 1316 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:14 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operation 'Create' succeeded on nic 46A22C84-A6BB-4FB0-AC26-0F678D711B20 (Friendly Name: br-data). | 233 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2735 | Microsoft-Windows-Hyper-V-VmSwitch | 67dc0d66-3695-47c0-9642-33f76f7bd7ad | System | 2572 | 1316 | hv-cinder-79617 | | 10/31/2022 12:00:14 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Driver Management concluded the process to install driver wvms_mp.inf_amd64_e1065995a017ab1b\wvms_mp.inf for Device Instance ID ROOT\VMS_VSMP\0000 with the following status: 0x0. | 20001 | 0 | | 4 | 7005 | 0 | -9223372036854775808 | 2734 | Microsoft-Windows-UserPnp | 96f4a050-7e31-453c-88be-9634f4e02139 | System | 4032 | 1372 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:14 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A service was installed in the system.
Service Name: VMSMP
Service File Name: \SystemRoot\System32\drivers\vmswitch.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account: | 7045 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2733 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 12:00:13 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Downloaded Maps Manager service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2732 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | | 10/31/2022 12:00:11 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Portable Device Enumerator Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2731 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | | 10/31/2022 12:00:09 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2730 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:08 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the neutron-hyperv-agent service was changed from auto start to demand start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2729 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:07 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A service was installed in the system.
Service Name: neutron-hyperv-agent
Service File Name: c:\openstack\bin\OpenStackService.exe neutron-hyperv-agent c:\python38\scripts\neutron-hyperv-agent.exe --config-file c:\openstack\etc\neutron-hyperv-agent.conf
Service Type: user mode service
Service Start Type: auto start
Service Account: LocalSystem | 7045 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2728 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:07 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the cinder-backup service was changed from auto start to demand start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2727 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:05 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A service was installed in the system.
Service Name: cinder-backup
Service File Name: c:\openstack\bin\OpenStackService.exe cinder-backup c:\python38\scripts\cinder-backup.exe --config-file c:\openstack\etc\cinder-backup.conf
Service Type: user mode service
Service Start Type: auto start
Service Account: LocalSystem | 7045 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2726 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:04 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Access Logging Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2725 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 864 | hv-cinder-79617 | | 10/31/2022 12:00:03 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the cinder-volume service was changed from auto start to demand start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2724 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:03 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A service was installed in the system.
Service Name: cinder-volume
Service File Name: c:\openstack\bin\OpenStackService.exe cinder-volume c:\python38\scripts\cinder-volume.exe --config-file c:\openstack\etc\cinder-volume.conf
Service Type: user mode service
Service Start Type: auto start
Service Account: LocalSystem | 7045 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2723 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:02 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Distributed Transaction Coordinator service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2722 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:00:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Downloaded Maps Manager service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2721 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:00:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Diagnostic System Host service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2720 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:00:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Diagnostic Policy Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2719 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:00:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the nova-compute service was changed from auto start to demand start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2718 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 12:00:01 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Connected Devices Platform Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2717 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 12:00:00 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The system uptime is 144 seconds. | 6013 | | 32768 | 4 | 0 | | 36028797018963968 | 2716 | EventLog | | System | | | hv-cinder-79617 | | 10/31/2022 12:00:00 PM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A service was installed in the system.
Service Name: nova-compute
Service File Name: c:\openstack\bin\OpenStackService.exe nova-compute c:\python38\scripts\nova-compute.exe --config-file c:\openstack\etc\nova.conf
Service Type: user mode service
Service Start Type: auto start
Service Account: LocalSystem | 7045 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2715 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 11:59:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2714 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 11:59:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The IKE and AuthIP IPsec Keying Modules service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2713 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:59:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the IKE and AuthIP IPsec Keying Modules service was changed from demand start to auto start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2712 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:59:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2711 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 11:59:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2710 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 11:59:36 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2709 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 11:59:32 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2708 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 11:59:29 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2707 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 11:59:12 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The sppsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2706 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | | 10/31/2022 11:59:07 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The system time has changed to ?2022?-?10?-?31T11:58:59.813000000Z from ?2022?-?10?-?31T11:58:59.828491700Z.
Change Reason: An application or system component changed the time. | 1 | 1 | | 4 | 5 | 0 | -9223372036854775792 | 2705 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1444 | 1516 | hv-cinder-79617 | S-1-5-19 | 10/31/2022 11:58:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2704 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1612 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 11:58:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The cloudbase-init service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2703 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:58:48 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The PolicyAgent service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2702 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | | 10/31/2022 11:58:45 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| SSL Certificate Settings created by an admin process for endpoint : 0.0.0.0:5986 . | 15301 | 0 | 32768 | 3 | 0 | 0 | 36028797018963968 | 2701 | Microsoft-Windows-HttpEvent | 7b6bc78c-898b-4170-bbf8-1a469ea43fc5 | System | 4 | 856 | hv-cinder-79617 | | 10/31/2022 11:58:44 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully added. | 15007 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 2700 | Microsoft-Windows-HttpEvent | 7b6bc78c-898b-4170-bbf8-1a469ea43fc5 | System | 4 | 856 | hv-cinder-79617 | | 10/31/2022 11:58:44 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Reservation for namespace identified by URL prefix https://+:5986/wsman/ was successfully deleted. | 15008 | 0 | 16384 | 4 | 0 | 0 | 36028797018963968 | 2699 | Microsoft-Windows-HttpEvent | 7b6bc78c-898b-4170-bbf8-1a469ea43fc5 | System | 4 | 856 | hv-cinder-79617 | | 10/31/2022 11:58:44 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vds service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2698 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:58:41 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service stopped. | 4 | | 16896 | 4 | 0 | | 36028797018963968 | 2697 | Virtual Disk Service | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:41 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vds service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2696 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:58:38 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service started. | 3 | | 16896 | 4 | 0 | | 36028797018963968 | 2695 | Virtual Disk Service | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:38 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\Admin SID (S-1-5-21-4043990731-1890287005-2753219590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2694 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1001 | 10/31/2022 11:58:36 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:0" could not be registered on the interface with IP address 192.168.0.15. The computer with the IP address 192.168.0.32 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2693 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:0" could not be registered on the interface with IP address 10.222.0.20. The computer with the IP address 10.222.0.26 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2692 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The TBS device identifier has been generated. | 1282 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2691 | Microsoft-Windows-TPM-WMI | 7d5387b0-cbe0-11da-a94d-0800200c9a66 | System | 3128 | 3288 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:58:20 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->40.119.148.38:123). | 35 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2690 | Microsoft-Windows-Time-Service | 06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb | System | 1444 | 1580 | hv-cinder-79617 | S-1-5-19 | 10/31/2022 11:58:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\cloudbase-init SID (S-1-5-21-4043990731-1890287005-2753219590-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2689 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1000 | 10/31/2022 11:58:10 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The TrustedInstaller service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2688 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:58:10 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The NcaSvc service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2687 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:58:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy settings for the computer were processed successfully. New settings from 1 Group Policy objects were detected and applied. | 1502 | 0 | | 4 | 0 | 1 | -9223372036854775808 | 2686 | Microsoft-Windows-GroupPolicy | aea1b4fa-97d1-45f2-a64c-4d69fffd92c9 | System | 548 | 3384 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:58:09 AM | 8b27519d-0e5d-45f1-ac58-7adbe1462b39 | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Connected Devices Platform Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2685 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 11:58:07 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The wuauserv service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2684 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 11:58:05 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The cloudbase-init service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2683 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 11:58:05 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HV-CINDER-79617\cloudbase-init SID (S-1-5-21-4043990731-1890287005-2753219590-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2682 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 952 | 1000 | hv-cinder-79617 | S-1-5-21-4043990731-1890287005-2753219590-1000 | 10/31/2022 11:58:04 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The LicenseManager service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2681 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:58:04 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| This event triggers the TBS device identifier generation. | 1281 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2680 | Microsoft-Windows-TPM-WMI | 7d5387b0-cbe0-11da-a94d-0800200c9a66 | System | 548 | 2036 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:58:04 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The SessionEnv service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2679 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:58:03 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Certificate Propagation service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2678 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:58:03 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The UmRdpService service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2677 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | | 10/31/2022 11:58:03 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:0" could not be registered on the interface with IP address 192.168.0.15. The computer with the IP address 192.168.0.32 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2676 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:02 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The TermService service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2675 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | | 10/31/2022 11:58:02 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the cloudbase-init service was changed from demand start to auto start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2674 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:58:02 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| A new self signed certificate to be used for RD Session Host Server authentication on SSL connections was generated. The name on this certificate is hv-cinder-79617. The SHA1 hash of the certificate is in the event data. | 1056 | 0 | 49152 | 4 | 0 | 0 | 36028797018963968 | 2673 | Microsoft-Windows-TerminalServices-RemoteConnectionManager | c76baa63-ae81-421c-b425-340b4b24157f | System | 0 | 0 | hv-cinder-79617 | | 10/31/2022 11:58:03 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The KeyIso service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2672 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | | 10/31/2022 11:58:01 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmcompute service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2671 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | | 10/31/2022 11:58:01 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:0" could not be registered on the interface with IP address 192.168.0.15. The computer with the IP address 192.168.0.32 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2670 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:01 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:0" could not be registered on the interface with IP address 10.222.0.20. The computer with the IP address 10.222.0.26 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2669 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:01 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The ClipSVC service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2668 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1664 | hv-cinder-79617 | | 10/31/2022 11:58:01 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The swprv service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2667 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | | 10/31/2022 11:58:01 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'WdFilter' (10.0, ?1978?-?03?-?07T02:59:33.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2666 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 32 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DmEnrollmentSvc service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2665 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DmEnrollmentSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2664 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Isatap interface isatap.openstacklocal with address fe80::5efe:192.168.0.15 has been brought up. | 4200 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2663 | Microsoft-Windows-Iphlpsvc | 66a5c15c-4f8e-4044-bf6e-71d896038977 | System | 548 | 2768 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Isatap interface isatap.openstacklocal with address fe80::5efe:10.222.0.20 has been brought up. | 4200 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2662 | Microsoft-Windows-Iphlpsvc | 66a5c15c-4f8e-4044-bf6e-71d896038977 | System | 548 | 2768 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'WdFilter' (Version 10.0, ?1978?-?03?-?07T02:59:33.000000000Z) unloaded successfully. | 1 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2661 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 136 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmms service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2660 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:0" could not be registered on the interface with IP address 192.168.0.15. The computer with the IP address 192.168.0.32 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2659 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:0" could not be registered on the interface with IP address 10.222.0.20. The computer with the IP address 10.222.0.26 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2658 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following boot-start or system-start driver(s) did not load:
dam | 7026 | 0 | 49152 | 4 | 0 | 0 | -9187343239835811840 | 2657 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 804 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinDefend service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2656 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DiagTrack service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2655 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinRM service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2654 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The iphlpsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2653 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WpnService service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2652 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:20" could not be registered on the interface with IP address 192.168.0.15. The computer with the IP address 192.168.0.32 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2651 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:20" could not be registered on the interface with IP address 10.222.0.20. The computer with the IP address 10.222.0.26 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2650 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The LanmanServer service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2649 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WLMS service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2648 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The PcaSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2647 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1640 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The RemoteRegistry service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2646 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 884 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The TrkWks service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2645 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1724 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Spooler service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2644 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1724 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->40.119.148.38:123). | 37 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2643 | Microsoft-Windows-Time-Service | 06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb | System | 1444 | 1508 | hv-cinder-79617 | S-1-5-19 | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The MpsSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2642 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The SamSs service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2641 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The wlidsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2640 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The BFE service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2639 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The LanmanWorkstation service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2638 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1944 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The name "HV-CINDER-79617:0" could not be registered on the interface with IP address 10.222.0.20. The computer with the IP address 10.222.0.26 did not allow the name to be claimed by this computer. | 4321 | | 49152 | 2 | 0 | | 36028797018963968 | 2637 | NetBT | | System | | | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WbioSrvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2636 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The FontCache service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2635 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 884 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The ShellHWDetection service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2634 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The wudfsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2633 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The UserManager service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2632 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The TimeBrokerSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2631 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1948 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Wcmsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2630 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinRM service is listening for WS-Management requests.
User Action
Use the following command to see the specific IPs on which WinRM is listening:
winrm enumerate winrm/config/listener | 10148 | 0 | 7 | 4 | 0 | 0 | 36028797018963968 | 2629 | Microsoft-Windows-WinRM | a7975c8f-ac13-49f1-87da-5a984a4ab417 | System | 0 | 0 | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The server could not bind to the transport \Device\NetBT_Tcpip_{71EB9022-65EA-471F-9757-7EF6C15F24EF} because another computer on the network has the same name. The server could not start. | 2505 | | 49152 | 2 | 0 | | 36028797018963968 | 2628 | Server | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The server could not bind to the transport \Device\NetBT_Tcpip_{C0F14E24-706A-4518-82A8-27875F1CF050} because another computer on the network has the same name. The server could not start. | 2505 | | 49152 | 2 | 0 | | 36028797018963968 | 2627 | Server | | System | | | hv-cinder-79617 | | 10/31/2022 11:58:00 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Schedule service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2626 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1948 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinTarget service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2625 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1684 | hv-cinder-79617 | | 10/31/2022 11:57:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The gpsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2624 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Themes service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2623 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Winmgmt service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2622 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The VSS service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2621 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmicrdv service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2620 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The SENS service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2619 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1644 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinHttpAutoProxySvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2618 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmicvss service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2617 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1480 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The EventSystem service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2616 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'storqosflt' (10.0, ?2018?-?01?-?01T04:48:05.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2615 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 1720 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmicheartbeat service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2614 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1676 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'wcifs' (10.0, ?2018?-?01?-?01T04:48:57.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2613 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 1720 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'luafv' (10.0, ?2017?-?11?-?01T22:09:40.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2612 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 32 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The NcbService service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2611 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1640 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WPDBusEnum service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2610 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1640 | hv-cinder-79617 | | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The system time has changed to ?2022?-?10?-?31T11:57:58.413000000Z from ?2022?-?10?-?31T11:57:57.619132000Z.
Change Reason: An application or system component changed the time. | 1 | 1 | | 4 | 5 | 0 | -9223372036854775792 | 2609 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1436 | 2032 | hv-cinder-79617 | S-1-5-19 | 10/31/2022 11:57:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DsmSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2608 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1640 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The netprofm service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2607 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1640 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmickvpexchange service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2606 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1640 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmictimesync service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2605 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1640 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmicshutdown service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2604 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1640 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The AppReadiness service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2603 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1964 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The HvHost service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2602 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1692 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The lmhosts service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2601 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1672 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The NlaSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2600 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1672 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Dnscache service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2599 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The ProfSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2598 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1684 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The BrokerInfrastructure service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2597 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 1616 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Dhcp service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2596 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| DHCPv6 client service is started | 51046 | 0 | | 4 | 4 | 62 | 2305843009213693952 | 2595 | Microsoft-Windows-DHCPv6-Client | 6a1f2b00-6a90-4c38-95a5-5cab3b056778 | System | 1436 | 1576 | hv-cinder-79617 | S-1-5-19 | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | ServiceStart | Service State Event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| DHCPv4 client service is started | 50036 | 0 | | 4 | 4 | 68 | 2305843009213693952 | 2594 | Microsoft-Windows-Dhcp-Client | 15a7a4f8-0072-4eab-abad-f98a4d666aed | System | 1436 | 1548 | hv-cinder-79617 | S-1-5-19 | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | ServiceStart | Service State Event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The nsi service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2593 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 884 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The W32Time service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2592 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 884 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The EventLog service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2591 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 884 | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The CryptSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2590 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:57:53 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Successfully logged OS information | 2004 | 0 | | 4 | 4000 | 0 | 2305983746702049280 | 2589 | Microsoft-Windows-Setup | 75ebc33e-997f-49cf-b49f-ecc50184b75d | System | 1188 | 1192 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:51 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | OS information | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The tiledatamodelsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2588 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:44 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The AppXSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2587 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:44 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The StateRepository service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2586 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:44 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The dmwappushservice service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2585 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:44 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The CoreMessagingRegistrar service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2584 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:44 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The NetSetupSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2583 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:44 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DeviceInstall service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2582 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:43 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The SystemEventsBroker service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2581 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:43 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The sppsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2580 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 888 | hv-cinder-79617 | | 10/31/2022 11:57:43 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The LSM service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2579 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:57:43 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The RpcSs service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2578 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 876 | hv-cinder-79617 | | 10/31/2022 11:57:43 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The RpcEptMapper service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2577 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 884 | hv-cinder-79617 | | 10/31/2022 11:57:43 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DcomLaunch service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2576 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 884 | hv-cinder-79617 | | 10/31/2022 11:57:43 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Power service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2575 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 884 | hv-cinder-79617 | | 10/31/2022 11:57:43 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The PlugPlay service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2574 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 800 | 884 | hv-cinder-79617 | | 10/31/2022 11:57:42 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA).
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. | 16962 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2573 | Microsoft-Windows-Directory-Services-SAM | 0d4fdc09-8c27-494a-bda0-505e4fd8adae | System | 816 | 820 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:42 AM | f750069d-ed1f-0005-a006-50f71fedd801 | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Credential Guard (LsaIso.exe) configuration: 0x0, 0 | 14 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 2572 | Microsoft-Windows-Wininit | 206f6dea-d3c5-4d10-bc72-989f03c8b84b | System | 684 | 688 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:41 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter #2' restarted | 11 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2571 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 384 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter' restarted | 11 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2570 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 508 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The miniport 'Microsoft Hyper-V Network Adapter #2' was successfully initialized | 3 | 0 | | 4 | 1002 | 0 | -9223372036854775808 | 2569 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 384 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The miniport 'Microsoft Hyper-V Network Adapter' was successfully initialized | 3 | 0 | | 4 | 1002 | 0 | -9223372036854775808 | 2568 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 136 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter #2' connected | 12 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2567 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 0 | 0 | hv-cinder-79617 | | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter' connected | 12 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2566 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 0 | 0 | hv-cinder-79617 | | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 5 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2565 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 228 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 4 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2564 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 228 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 3 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2563 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 228 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 2 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2562 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 228 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 1 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2561 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 228 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 0 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2560 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 228 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The VM and host networking components successfully negotiated protocol version '6.1' | 1 | 0 | | 4 | 1001 | 0 | -9223372036854775808 | 2559 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 384 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The VM and host networking components successfully negotiated protocol version '6.1' | 1 | 0 | | 4 | 1001 | 0 | -9223372036854775808 | 2558 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 136 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The system has been constrained to a periodic tick
Reason: No HW support. | 508 | 0 | | 4 | 159 | 0 | -9223372036854774780 | 2557 | Microsoft-Windows-Kernel-Power | 331c3b3a-2005-44c2-ac5e-77220c37d6b4 | System | 4 | 8 | hv-cinder-79617 | | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Connectivity state in standby: Disconnected, Reason: NIC compliance | 172 | 0 | | 4 | 203 | 0 | -9223372036854774780 | 2556 | Microsoft-Windows-Kernel-Power | 331c3b3a-2005-44c2-ac5e-77220c37d6b4 | System | 4 | 188 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'npsvctrig' (10.0, ?2016?-?07?-?16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2555 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:36 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The service entered the Driver load complete state. | 7036 | | 16384 | 4 | 0 | | 36028797018963968 | 2554 | VfpExt | | System | | | hv-cinder-79617 | | 10/31/2022 11:57:36 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'FileCrypt' (10.0, ?2016?-?07?-?16T02:22:39.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2553 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:36 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume C: (\Device\HarddiskVolume1) is healthy. No action is needed. | 98 | 0 | | 4 | 0 | 0 | -9223372036854775806 | 2552 | Microsoft-Windows-Ntfs | 3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482 | System | 4 | 228 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:36 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'WdFilter' (10.0, ?1978?-?03?-?07T02:59:33.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2551 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:36 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'Wof' (10.0, ?2017?-?10?-?09T01:58:20.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2550 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:36 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Secure Kernel started with status STATUS_SUCCESS and flags 0. | 3 | 0 | | 4 | 0 | 0 | -9223301668110598144 | 2549 | Microsoft-Windows-IsolatedUserMode | 73a33ab2-1966-4999-8add-868c41415269 | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hypervisor initialized I/O remapping.
Hardware present: false
Hardware enabled: false
Policy: 0x0
Enabled features: 0x0
Internal information: 0x0
Problems: 0x0
Additional information: 0x0 | 129 | 0 | | 4 | 0 | 0 | -9223301668110598144 | 2548 | Microsoft-Windows-Hyper-V-Hypervisor | 52fc89f8-995e-434c-a91e-199986449890 | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hypervisor scheduler type is 0x1. | 2 | 0 | | 4 | 0 | 0 | -9223301668110598144 | 2547 | Microsoft-Windows-Hyper-V-Hypervisor | 52fc89f8-995e-434c-a91e-199986449890 | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hypervisor successfully started. | 1 | 0 | | 4 | 0 | 0 | -9223301668110598144 | 2546 | Microsoft-Windows-Hyper-V-Hypervisor | 52fc89f8-995e-434c-a91e-199986449890 | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The bootmgr spent 0 ms waiting for user input. | 32 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2545 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| There are 0x1 boot options on this system. | 18 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2544 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The boot menu policy was 0x0. | 25 | 0 | | 4 | 32 | 0 | -9223372036854775808 | 2543 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The boot type was 0x0. | 27 | 1 | | 4 | 33 | 0 | -9223372036854775808 | 2542 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The last shutdown's success status was true. The last boot's success status was true. | 20 | 0 | | 4 | 31 | 0 | -9223372036854775808 | 2541 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Virtualization Based Security (policies: VBS Enabled,VSM Required,Boot Chain Signer Soft Enforced) is enabled due to HyperV with status STATUS_SUCCESS. | 153 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2540 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operating system started at system time ?2022?-?10?-?31T11:57:35.491588500Z. | 12 | 0 | | 4 | 1 | 0 | -9223372036854775680 | 2539 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 4 | 8 | hv-cinder-79617 | S-1-5-18 | 10/31/2022 11:57:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operating system is shutting down at system time ?2022?-?10?-?31T11:57:28.615477300Z. | 13 | 0 | | 4 | 2 | 0 | -9223372036854775680 | 2538 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 4 | 1108 | hv-cinder-79617 | | 10/31/2022 11:57:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The kernel power manager has initiated a shutdown transition.
Shutdown Reason: Kernel API | 109 | 0 | | 4 | 103 | 0 | -9223301668110597116 | 2537 | Microsoft-Windows-Kernel-Power | 331c3b3a-2005-44c2-ac5e-77220c37d6b4 | System | 696 | 700 | hv-cinder-79617 | | 10/31/2022 11:57:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Defender Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2536 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | hv-cinder-79617 | | 10/31/2022 11:57:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Event Log service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2535 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | hv-cinder-79617 | | 10/31/2022 11:57:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Task Scheduler service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2534 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | hv-cinder-79617 | | 10/31/2022 11:57:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The system uptime is 21 seconds. | 6013 | | 32768 | 4 | 0 | | 36028797018963968 | 2533 | EventLog | | System | | | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Event log service was started. | 6005 | | 32768 | 4 | 0 | | 36028797018963968 | 2532 | EventLog | | System | | | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. | 6009 | | 32768 | 4 | 0 | | 36028797018963968 | 2531 | EventLog | | System | | | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The NetBIOS name and DNS host name of this machine have been changed from WIN-KC9323184J7 to HV-CINDER-79617. | 6011 | | 32768 | 4 | 0 | | 36028797018963968 | 2530 | EventLog | | System | | | hv-cinder-79617 | | 10/31/2022 11:57:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Remote Management (WS-Management) service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2529 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Program Compatibility Assistant Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2528 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Cryptographic Services service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2527 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The State Repository Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2526 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Volume Shadow Copy service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2525 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Connection Manager service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2524 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Font Cache Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2523 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Management Instrumentation service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2522 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The AppX Deployment Service (AppXSVC) service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2521 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2520 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Time service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2519 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Distributed Link Tracking Client service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2518 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1428 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The system time has changed to ?2022?-?10?-?31T11:57:27.875000000Z from ?2022?-?10?-?31T11:57:27.889077800Z.
Change Reason: An application or system component changed the time. | 1 | 1 | | 4 | 5 | 0 | -9223372036854775792 | 2517 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1512 | 2308 | WIN-5T344G8GM1H | S-1-5-19 | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2516 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DHCP Client service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2515 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 888 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| DHCPv4 client service is stopped. ShutDown Flag value is 1 | 50037 | 0 | | 4 | 4 | 69 | 2305843009213693952 | 2514 | Microsoft-Windows-Dhcp-Client | 15a7a4f8-0072-4eab-abad-f98a4d666aed | System | 1300 | 1612 | WIN-5T344G8GM1H | S-1-5-19 | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | ServiceStop | Service State Event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| DHCPv6 client service is stopped. ShutDown Flag value is 1 | 51047 | 0 | | 4 | 4 | 63 | 2305843009213693952 | 2513 | Microsoft-Windows-DHCPv6-Client | 6a1f2b00-6a90-4c38-95a5-5cab3b056778 | System | 1300 | 1696 | WIN-5T344G8GM1H | S-1-5-19 | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | ServiceStop | Service State Event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Licensing Monitoring Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2512 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 888 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Device Install Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2511 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1432 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Plug and Play service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2510 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 2100 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The HV Host Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2509 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1436 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Device Setup Manager service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2508 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1288 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Connected User Experiences and Telemetry service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2507 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1380 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Hyper-V Volume Shadow Copy Requestor service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2506 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1380 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Event log service was stopped. | 6006 | | 32768 | 4 | 0 | | 36028797018963968 | 2505 | EventLog | | System | | | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinRM service is not listening for WS-Management requests.
User Action
If you did not intentionally stop the service, use the following command to see the WinRM configuration:
winrm enumerate winrm/config/listener | 10149 | 0 | 7 | 3 | 0 | 0 | 36028797018963968 | 2504 | Microsoft-Windows-WinRM | a7975c8f-ac13-49f1-87da-5a984a4ab417 | System | 0 | 0 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2503 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 872 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2502 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 872 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Hyper-V Virtual Machine Management service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2501 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 872 | WIN-5T344G8GM1H | | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The process C:\windows\system32\winlogon.exe (WIN-5T344G8GM1H) has initiated the restart of computer WIN-KC9323184J7 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Upgrade (Planned)
Reason Code: 0x80020003
Shutdown Type: restart
Comment: | 1074 | 0 | 32768 | 4 | 0 | 0 | -9187343239835811840 | 2500 | User32 | b0aa8734-56f7-41cc-b2f4-de228e98b946 | System | 612 | 628 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:57:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Virtual Disk service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2499 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 872 | WIN-5T344G8GM1H | | 10/31/2022 11:57:26 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service stopped. | 4 | | 16896 | 4 | 0 | | 36028797018963968 | 2498 | Virtual Disk Service | | System | | | WIN-5T344G8GM1H | | 10/31/2022 11:57:26 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Defender Network Inspection Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2497 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1380 | WIN-5T344G8GM1H | | 10/31/2022 11:57:24 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Defender Network Inspection Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2496 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1380 | WIN-5T344G8GM1H | | 10/31/2022 11:57:23 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Virtual Disk service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2495 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 900 | WIN-5T344G8GM1H | | 10/31/2022 11:57:23 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Service started. | 3 | | 16896 | 4 | 0 | | 36028797018963968 | 2494 | Virtual Disk Service | | System | | | WIN-5T344G8GM1H | | 10/31/2022 11:57:23 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2493 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 900 | WIN-5T344G8GM1H | | 10/31/2022 11:56:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hive \??\C:\windows\System32\SMI\Store\Machine\SCHEMA.DAT was reorganized with a starting size of 12853248 bytes and an ending size of 11681792 bytes. | 15 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2492 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1184 | 1188 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:51 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hive \??\C:\windows\System32\config\COMPONENTS was reorganized with a starting size of 71872512 bytes and an ending size of 56864768 bytes. | 15 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2491 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1184 | 1188 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:48 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The time service is now synchronizing the system time with the time source time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->40.119.148.38:123). | 35 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2490 | Microsoft-Windows-Time-Service | 06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb | System | 1512 | 1208 | WIN-5T344G8GM1H | S-1-5-19 | 10/31/2022 11:56:44 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2489 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:39 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2488 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:39 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2487 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:39 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2486 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:39 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost_10.0.14393.1715_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2485 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:39 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2484 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:38 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2483 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:38 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.CloudExperienceHost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2482 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:38 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.AssignedAccessLockApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2481 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2480 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2479 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BioEnrollment_10.0.14393.0_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2478 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AccountsControl_10.0.14393.1715_neutral__cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2477 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:37 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat was cleared updating 0 keys and creating 0 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2476 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1044 | 2940 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:36 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\windows\AppCompat\Programs\Amcache.hve was cleared updating 629 keys and creating 196 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2475 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 2192 | 2480 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Driver Management concluded the process to install driver wvmbusvideo.inf_amd64_1f06cc897822eef5\wvmbusvideo.inf for Device Instance ID VMBUS\{DA0A7802-E377-4AAC-8E77-0558EB1073F8}\{5620E0C7-8062-4DCE-AEB7-520C7EF76171} with the following status: 0x0. | 20001 | 0 | | 4 | 7005 | 0 | -9223372036854775808 | 2474 | Microsoft-Windows-UserPnp | 96f4a050-7e31-453c-88be-9634f4e02139 | System | 2560 | 2620 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:34 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Driver Management has concluded the process to add Service HyperVideo for Device Instance ID VMBUS\{DA0A7802-E377-4AAC-8E77-0558EB1073F8}\{5620E0C7-8062-4DCE-AEB7-520C7EF76171} with the following status: 0. | 20003 | 0 | | 4 | 7005 | 0 | -9223372036854775808 | 2473 | Microsoft-Windows-UserPnp | 96f4a050-7e31-453c-88be-9634f4e02139 | System | 2560 | 2620 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:34 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Driver Management concluded the process to install driver msports.inf_amd64_280f71b0b084cc3b\msports.inf for Device Instance ID ACPI\PNP0501\1 with the following status: 0x0. | 20001 | 0 | | 4 | 7005 | 0 | -9223372036854775808 | 2472 | Microsoft-Windows-UserPnp | 96f4a050-7e31-453c-88be-9634f4e02139 | System | 2568 | 2616 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Driver Management has concluded the process to add Service Serenum for Device Instance ID ACPI\PNP0501\1 with the following status: 0. | 20003 | 0 | | 4 | 7005 | 0 | -9223372036854775808 | 2471 | Microsoft-Windows-UserPnp | 96f4a050-7e31-453c-88be-9634f4e02139 | System | 2568 | 2616 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Driver Management has concluded the process to add Service Serial for Device Instance ID ACPI\PNP0501\1 with the following status: 0. | 20003 | 0 | | 4 | 7005 | 0 | -9223372036854775808 | 2470 | Microsoft-Windows-UserPnp | 96f4a050-7e31-453c-88be-9634f4e02139 | System | 2568 | 2616 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Microsoft Account Sign-in Assistant service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2469 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1380 | WIN-5T344G8GM1H | | 10/31/2022 11:56:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Driver Management concluded the process to install driver msports.inf_amd64_280f71b0b084cc3b\msports.inf for Device Instance ID ACPI\PNP0501\2 with the following status: 0x0. | 20001 | 0 | | 4 | 7005 | 0 | -9223372036854775808 | 2468 | Microsoft-Windows-UserPnp | 96f4a050-7e31-453c-88be-9634f4e02139 | System | 2576 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Driver Management has concluded the process to add Service Serenum for Device Instance ID ACPI\PNP0501\2 with the following status: 0. | 20003 | 0 | | 4 | 7005 | 0 | -9223372036854775808 | 2467 | Microsoft-Windows-UserPnp | 96f4a050-7e31-453c-88be-9634f4e02139 | System | 2576 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Driver Management has concluded the process to add Service Serial for Device Instance ID ACPI\PNP0501\2 with the following status: 0. | 20003 | 0 | | 4 | 7005 | 0 | -9223372036854775808 | 2466 | Microsoft-Windows-UserPnp | 96f4a050-7e31-453c-88be-9634f4e02139 | System | 2576 | 2624 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Hyper-V Host Compute Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2465 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1384 | WIN-5T344G8GM1H | | 10/31/2022 11:56:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The time provider NtpClient is currently receiving valid time data from time.windows.com,0x8 (ntp.m|0x8|0.0.0.0:123->40.119.148.38:123). | 37 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2464 | Microsoft-Windows-Time-Service | 06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb | System | 1512 | 1548 | WIN-5T344G8GM1H | S-1-5-19 | 10/31/2022 11:56:30 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'WdFilter' (10.0, ?1978?-?03?-?07T02:59:33.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2463 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 472 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:29 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'WdFilter' (Version 10.0, ?1978?-?03?-?07T02:59:33.000000000Z) unloaded successfully. | 1 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2462 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 32 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:29 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinDefend service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2461 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1384 | WIN-5T344G8GM1H | | 10/31/2022 11:56:29 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmms service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2460 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1384 | WIN-5T344G8GM1H | | 10/31/2022 11:56:29 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The following boot-start or system-start driver(s) did not load:
dam | 7026 | 0 | 49152 | 4 | 0 | 0 | -9187343239835811840 | 2459 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 816 | WIN-5T344G8GM1H | | 10/31/2022 11:56:29 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DiagTrack service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2458 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1276 | WIN-5T344G8GM1H | | 10/31/2022 11:56:29 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WpnService service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2457 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1276 | WIN-5T344G8GM1H | | 10/31/2022 11:56:29 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinRM service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2456 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1276 | WIN-5T344G8GM1H | | 10/31/2022 11:56:29 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinTarget service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2455 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The CryptSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2454 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The LanmanServer service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2453 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The UserManager service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2452 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The W32Time service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2451 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The RemoteRegistry service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2450 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WLMS service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2449 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The iphlpsvc service terminated with the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. | 7023 | 0 | 49152 | 2 | 0 | 0 | -9187343239835811840 | 2448 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The iphlpsvc service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2447 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The TrkWks service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2446 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1380 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The PcaSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2445 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 888 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Spooler service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2444 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The TimeBrokerSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2443 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1272 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The SamSs service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2442 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The MpsSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2441 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1420 | WIN-5T344G8GM1H | | 10/31/2022 11:56:28 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinRM service is listening for WS-Management requests.
User Action
Use the following command to see the specific IPs on which WinRM is listening:
winrm enumerate winrm/config/listener | 10148 | 0 | 7 | 4 | 0 | 0 | 36028797018963968 | 2440 | Microsoft-Windows-WinRM | a7975c8f-ac13-49f1-87da-5a984a4ab417 | System | 0 | 0 | WIN-5T344G8GM1H | | 10/31/2022 11:56:29 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The BFE service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2439 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1420 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The LanmanWorkstation service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2438 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1272 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinHttpAutoProxySvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2437 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Schedule service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2436 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1420 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The ShellHWDetection service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2435 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1420 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WbioSrvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2434 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The wudfsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2433 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The FontCache service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2432 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Wcmsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2431 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Dnscache service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2430 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WinTarget service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2429 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 900 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The netprofm service terminated with the following error:
The device is not ready. | 7023 | 0 | 49152 | 2 | 0 | 0 | -9187343239835811840 | 2428 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1420 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The netprofm service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2427 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1420 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The NlaSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2426 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1400 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Winmgmt service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2425 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Dhcp service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2424 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| DHCPv6 client service is started | 51046 | 0 | | 4 | 4 | 62 | 2305843009213693952 | 2423 | Microsoft-Windows-DHCPv6-Client | 6a1f2b00-6a90-4c38-95a5-5cab3b056778 | System | 1300 | 1696 | WIN-5T344G8GM1H | S-1-5-19 | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | ServiceStart | Service State Event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| DHCPv4 client service is started | 50036 | 0 | | 4 | 4 | 68 | 2305843009213693952 | 2422 | Microsoft-Windows-Dhcp-Client | 15a7a4f8-0072-4eab-abad-f98a4d666aed | System | 1300 | 1612 | WIN-5T344G8GM1H | S-1-5-19 | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | ServiceStart | Service State Event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The ProfSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2421 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The SENS service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2420 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmicheartbeat service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2419 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmicrdv service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2418 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The nsi service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2417 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The EventLog service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2416 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The gpsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2415 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The VSS service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2414 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The EventSystem service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2413 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Themes service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2412 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1260 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The WPDBusEnum service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2411 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1336 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'storqosflt' (10.0, ?2018?-?01?-?01T04:48:05.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2410 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 240 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'wcifs' (10.0, ?2018?-?01?-?01T04:48:57.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2409 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 240 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'luafv' (10.0, ?2017?-?11?-?01T22:09:40.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2408 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 240 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmicvss service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2407 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1380 | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The system time has changed to ?2022?-?10?-?31T11:56:27.032000000Z from ?2022?-?10?-?31T11:56:26.652436100Z.
Change Reason: An application or system component changed the time. | 1 | 1 | | 4 | 5 | 0 | -9223372036854775792 | 2406 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1300 | 1444 | WIN-5T344G8GM1H | S-1-5-19 | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmickvpexchange service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2405 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:26 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmictimesync service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2404 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:26 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The vmicshutdown service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2403 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1428 | WIN-5T344G8GM1H | | 10/31/2022 11:56:26 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The lmhosts service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2402 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1272 | WIN-5T344G8GM1H | | 10/31/2022 11:56:26 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The HvHost service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2401 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:26 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DsmSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2400 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 1288 | WIN-5T344G8GM1H | | 10/31/2022 11:56:26 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \SystemRoot\System32\Config\BBI was cleared updating 10 keys and creating 2 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2399 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 916 | 388 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:26 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The BrokerInfrastructure service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2398 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:26 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The tiledatamodelsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2397 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The AppXSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2396 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter #2' restarted | 11 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2395 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 572 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The miniport 'Microsoft Hyper-V Network Adapter #2' was successfully initialized | 3 | 0 | | 4 | 1002 | 0 | -9223372036854775808 | 2394 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 596 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter #2' connected | 12 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2393 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 0 | 0 | WIN-5T344G8GM1H | | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The VM and host networking components successfully negotiated protocol version '6.1' | 1 | 0 | | 4 | 1001 | 0 | -9223372036854775808 | 2392 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 596 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter' restarted | 11 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2391 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 472 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The miniport 'Microsoft Hyper-V Network Adapter' was successfully initialized | 3 | 0 | | 4 | 1002 | 0 | -9223372036854775808 | 2390 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 472 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter' connected | 12 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2389 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 0 | 0 | WIN-5T344G8GM1H | | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The VM and host networking components successfully negotiated protocol version '6.1' | 1 | 0 | | 4 | 1001 | 0 | -9223372036854775808 | 2388 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 472 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The StateRepository service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2387 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The dmwappushservice service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2386 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The CoreMessagingRegistrar service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2385 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:18 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The NetSetupSvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2384 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:17 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DeviceInstall service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2383 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:17 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The SystemEventsBroker service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2382 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:17 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The sppsvc service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2381 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:17 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The LSM service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2380 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:17 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The RpcSs service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2379 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 896 | WIN-5T344G8GM1H | | 10/31/2022 11:56:17 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The RpcEptMapper service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2378 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:17 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DcomLaunch service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2377 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:17 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Power service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2376 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:17 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The PlugPlay service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2375 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 812 | 892 | WIN-5T344G8GM1H | | 10/31/2022 11:56:16 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA).
For more information please see http://go.microsoft.com/fwlink/?LinkId=787651. | 16962 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2374 | Microsoft-Windows-Directory-Services-SAM | 0d4fdc09-8c27-494a-bda0-505e4fd8adae | System | 828 | 832 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:16 AM | ba10af67-ed1f-0005-6caf-10ba1fedd801 | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Credential Guard (LsaIso.exe) configuration: 0x0, 0 | 14 | 0 | | 4 | 0 | 0 | 4611686018427387904 | 2373 | Microsoft-Windows-Wininit | 206f6dea-d3c5-4d10-bc72-989f03c8b84b | System | 696 | 700 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:15 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\Users\Default\NTUSER.DAT was cleared updating 126 keys and creating 18 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2372 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 576 | 580 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:11 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat was cleared updating 628 keys and creating 85 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2371 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 576 | 580 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:11 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\Users\Administrator\NTUSER.DAT was cleared updating 1935 keys and creating 116 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2370 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 576 | 580 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:10 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\windows\ServiceProfiles\NetworkService\NTUSER.DAT was cleared updating 128 keys and creating 20 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2369 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 576 | 580 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:10 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \??\C:\windows\ServiceProfiles\LocalService\NTUSER.DAT was cleared updating 137 keys and creating 21 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2368 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 576 | 580 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:56:08 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \SystemRoot\System32\Config\SAM was cleared updating 80 keys and creating 7 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2367 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 4 | 556 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \SystemRoot\System32\Config\SECURITY was cleared updating 87 keys and creating 5 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2366 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 4 | 540 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \SystemRoot\System32\Config\DEFAULT was cleared updating 229 keys and creating 27 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2365 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 4 | 552 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hive \SystemRoot\System32\Config\SOFTWARE was reorganized with a starting size of 78917632 bytes and an ending size of 74686464 bytes. | 15 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2364 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 4 | 544 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The access history in hive \Device\HarddiskVolume1\Boot\BCD was cleared updating 82 keys and creating 1 modified pages. | 16 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2363 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 488 | 492 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:55 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hive \SystemRoot\System32\config\DRIVERS was reorganized with a starting size of 5177344 bytes and an ending size of 5169152 bytes. | 15 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2362 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 4 | 212 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:55 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 5 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2361 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 212 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 4 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2360 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 212 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 3 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2359 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 212 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 2 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2358 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 212 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 1 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2357 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 212 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Processor 0 in group 0 exposes the following power management capabilities:
Idle state type: ACPI Idle (C) States (1 state(s))
Performance state type: None
Nominal Frequency (MHz): 1995
Maximum performance percentage: 100
Minimum performance percentage: 100
Minimum throttle percentage: 100 | 55 | 0 | | 4 | 47 | 0 | -9223372036854775808 | 2356 | Microsoft-Windows-Kernel-Processor-Power | 0f67e49f-fe51-4e9f-b490-6f2948cc6027 | System | 4 | 212 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The system has been constrained to a periodic tick
Reason: No HW support. | 508 | 0 | | 4 | 159 | 0 | -9223372036854774780 | 2355 | Microsoft-Windows-Kernel-Power | 331c3b3a-2005-44c2-ac5e-77220c37d6b4 | System | 4 | 8 | WIN-5T344G8GM1H | | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Connectivity state in standby: Disconnected, Reason: NIC compliance | 172 | 0 | | 4 | 203 | 0 | -9223372036854774780 | 2354 | Microsoft-Windows-Kernel-Power | 331c3b3a-2005-44c2-ac5e-77220c37d6b4 | System | 4 | 472 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'npsvctrig' (10.0, ?2016?-?07?-?16T02:28:33.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2353 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The service entered the Driver load complete state. | 7036 | | 16384 | 4 | 0 | | 36028797018963968 | 2352 | VfpExt | | System | | | WIN-5T344G8GM1H | | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'FileCrypt' (10.0, ?2016?-?07?-?16T02:22:39.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2351 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:54 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Volume \\?\Volume{be07386b-0000-0000-0000-100000000000} (\Device\HarddiskVolume1) is healthy. No action is needed. | 98 | 0 | | 4 | 0 | 0 | -9223372036854775806 | 2350 | Microsoft-Windows-Ntfs | 3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482 | System | 4 | 212 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:53 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'WdFilter' (10.0, ?1978?-?03?-?07T02:59:33.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2349 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:53 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| File System Filter 'Wof' (10.0, ?2017?-?10?-?09T01:58:20.000000000Z) has successfully loaded and registered with Filter Manager. | 6 | 1 | | 4 | 0 | 0 | -9223301668110598144 | 2348 | Microsoft-Windows-FilterManager | f3c5e28e-63f6-49c7-a204-e48a1bc4b09d | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:53 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Secure Kernel started with status STATUS_SUCCESS and flags 0. | 3 | 0 | | 4 | 0 | 0 | -9223301668110598144 | 2347 | Microsoft-Windows-IsolatedUserMode | 73a33ab2-1966-4999-8add-868c41415269 | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hypervisor initialized I/O remapping.
Hardware present: false
Hardware enabled: false
Policy: 0x0
Enabled features: 0x0
Internal information: 0x0
Problems: 0x0
Additional information: 0x0 | 129 | 0 | | 4 | 0 | 0 | -9223301668110598144 | 2346 | Microsoft-Windows-Hyper-V-Hypervisor | 52fc89f8-995e-434c-a91e-199986449890 | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hypervisor scheduler type is 0x1. | 2 | 0 | | 4 | 0 | 0 | -9223301668110598144 | 2345 | Microsoft-Windows-Hyper-V-Hypervisor | 52fc89f8-995e-434c-a91e-199986449890 | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Hypervisor successfully started. | 1 | 0 | | 4 | 0 | 0 | -9223301668110598144 | 2344 | Microsoft-Windows-Hyper-V-Hypervisor | 52fc89f8-995e-434c-a91e-199986449890 | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The bootmgr spent 0 ms waiting for user input. | 32 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2343 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| There are 0x1 boot options on this system. | 18 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2342 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The boot menu policy was 0x0. | 25 | 0 | | 4 | 32 | 0 | -9223372036854775808 | 2341 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The boot type was 0x0. | 27 | 1 | | 4 | 33 | 0 | -9223372036854775808 | 2340 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The last shutdown's success status was true. The last boot's success status was true. | 20 | 0 | | 4 | 31 | 0 | -9223372036854775808 | 2339 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Virtualization Based Security (policies: VBS Enabled,VSM Required,Boot Chain Signer Soft Enforced) is enabled due to HyperV with status STATUS_SUCCESS. | 153 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2338 | Microsoft-Windows-Kernel-Boot | 15ca44ff-4d7a-4baa-bba5-0998955e531e | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operating system started at system time ?2022?-?10?-?31T11:55:52.487842400Z. | 12 | 0 | | 4 | 1 | 0 | -9223372036854775680 | 2337 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 4 | 8 | WIN-5T344G8GM1H | S-1-5-18 | 10/31/2022 11:55:52 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The operating system is shutting down at system time ?2018?-?01?-?19T09:48:14.082208700Z. | 13 | 0 | | 4 | 2 | 0 | -9223372036854775680 | 2336 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 4 | 2896 | WIN-5T344G8GM1H | | 1/19/2018 9:48:14 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The kernel power manager has initiated a shutdown transition.
Shutdown Reason: Kernel API | 109 | 0 | | 4 | 103 | 0 | -9223301668110597116 | 2335 | Microsoft-Windows-Kernel-Power | 331c3b3a-2005-44c2-ac5e-77220c37d6b4 | System | 520 | 524 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Defender Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2334 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Task Scheduler service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2333 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Event Log service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2332 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Remote Management (WS-Management) service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2331 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2330 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 748 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Volume Shadow Copy service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2329 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The State Repository Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2328 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Cryptographic Services service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2327 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Font Cache Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2326 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Event log service was started. | 6005 | | 32768 | 4 | 0 | | 36028797018963968 | 2325 | EventLog | | System | | | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free. | 6009 | | 32768 | 4 | 0 | | 36028797018963968 | 2324 | EventLog | | System | | | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The NetBIOS name and DNS host name of this machine have been changed from WIN-5T344G8GM1H to WIN-KC9323184J7. | 6011 | | 32768 | 4 | 0 | | 36028797018963968 | 2323 | EventLog | | System | | | WIN-5T344G8GM1H | | 10/31/2022 11:56:27 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Microsoft iSCSI Target Server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2322 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Program Compatibility Assistant Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2321 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Diagnostic Policy Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2320 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Distributed Link Tracking Client service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2319 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 956 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Remote Desktop Services service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2318 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 748 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Microsoft Software Shadow Copy Provider service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2317 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 748 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Connection Manager service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2316 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 748 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Licensing Monitoring Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2315 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 748 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Profile Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2314 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 1040 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Remote Desktop Services UserMode Port Redirector service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2313 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 1100 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Management Instrumentation service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2312 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 416 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Time service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2311 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 416 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The system time has changed to ?2018?-?01?-?19T09:48:13.152000000Z from ?2018?-?01?-?19T09:48:13.164762500Z.
Change Reason: An application or system component changed the time. | 1 | 1 | | 4 | 5 | 0 | -9223372036854775792 | 2310 | Microsoft-Windows-Kernel-General | a68ca8b7-004f-d7b6-a698-07e2de0f1f5d | System | 1244 | 2300 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Credential Manager service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2309 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 1080 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Client License Service (ClipSVC) service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2308 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 2116 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The DHCP Client service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2307 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 1048 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| DHCPv4 client service is stopped. ShutDown Flag value is 1 | 50037 | 0 | | 4 | 4 | 69 | 2305843009213693952 | 2306 | Microsoft-Windows-Dhcp-Client | 15a7a4f8-0072-4eab-abad-f98a4d666aed | System | 436 | 1300 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | ServiceStop | Service State Event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| DHCPv6 client service is stopped. ShutDown Flag value is 1 | 51047 | 0 | | 4 | 4 | 63 | 2305843009213693952 | 2305 | Microsoft-Windows-DHCPv6-Client | 6a1f2b00-6a90-4c38-95a5-5cab3b056778 | System | 436 | 1360 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | ServiceStop | Service State Event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Plug and Play service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2304 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 1040 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Hyper-V Volume Shadow Copy Requestor service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2303 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Tile Data model server service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2302 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 1104 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Modules Installer service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2301 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Group Policy Client service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2300 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Hyper-V Virtual Machine Management service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2299 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:48:12 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User Logoff Notification for Customer Experience Improvement Program | 7002 | 0 | | 4 | 1102 | 0 | 2305878193585782784 | 2298 | Microsoft-Windows-Winlogon | dbe9b383-7cf3-4331-91cc-a3cb16a3b538 | System | 584 | 916 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:12 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Event log service was stopped. | 6006 | | 32768 | 4 | 0 | | 36028797018963968 | 2297 | EventLog | | System | | | WIN-5T344G8GM1H | | 1/19/2018 9:48:13 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The CDPUserSvc_24762 service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2296 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 1040 | WIN-5T344G8GM1H | | 1/19/2018 9:48:12 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Sync Host_24762 service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2295 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:48:12 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. | 10016 | 0 | 0 | 2 | 0 | 0 | -9187343239835811840 | 2294 | Microsoft-Windows-DistributedCOM | 1b562e86-b7aa-4131-badc-b6f3a001407e | System | 820 | 972 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:12 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Certificate Propagation service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2293 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 948 | WIN-5T344G8GM1H | | 1/19/2018 9:48:12 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Remote Desktop Configuration service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2292 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 948 | WIN-5T344G8GM1H | | 1/19/2018 9:48:12 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The process C:\windows\System32\Sysprep\Sysprep.exe (WIN-5T344G8GM1H) has initiated the shutdown of computer WIN-5T344G8GM1H on behalf of user WIN-5T344G8GM1H\Administrator for the following reason: No title for this reason could be found
Reason Code: 0x40002
Shutdown Type: shutdown
Comment: | 1074 | 0 | 32768 | 4 | 0 | 0 | -9187343239835811840 | 2291 | User32 | b0aa8734-56f7-41cc-b2f4-de228e98b946 | System | 448 | 464 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:48:12 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Process C:\Windows\System32\Sysprep\sysprep.exe (process ID:4012) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E} | 12 | 0 | | 4 | 10 | 0 | 4611686018427387904 | 2290 | Microsoft-Windows-UserModePowerService | ce8dee0b-d539-4000-b0f8-77bed049c590 | System | 764 | 316 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:12 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Client License Service (ClipSVC) service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2289 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 948 | WIN-5T344G8GM1H | | 1/19/2018 9:48:11 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Client License Service (ClipSVC) service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2288 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:48:11 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Connected User Experiences and Telemetry service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2287 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:48:11 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) | 134 | 0 | | 3 | 0 | 0 | -9223372036854775808 | 2286 | Microsoft-Windows-Time-Service | 06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb | System | 1244 | 1320 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:48:11 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Client License Service (ClipSVC) service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2285 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:48:10 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Software Protection service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2284 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:48:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The AppX Deployment Service (AppXSVC) service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2283 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 1104 | WIN-5T344G8GM1H | | 1/19/2018 9:48:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The TCP/IP NetBIOS Helper service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2282 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 1104 | WIN-5T344G8GM1H | | 1/19/2018 9:48:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The TCP/IP NetBIOS Helper service was successfully sent a stop control.
The reason specified was: 0x40030011 [Operating System: Network Connectivity (Planned)]
Comment: None | 7042 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2281 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport Teredo Tunneling Pseudo-Interface, {8A97E6D0-A2AF-48AE-8BC2-FFC865CC4DF6}, had event Network Interface deleted while PNP Device still exists. Note that this event is provided for informational purpose and might not be an error always (Eg: In case of vSwitch which was recently un-installed or a LBFO team was removed) | 10317 | 0 | | 2 | 2 | 0 | 2305843009213710358 | 2280 | Microsoft-Windows-NDIS | cdead503-17f5-4a3e-b7ae-df8cc2902eb9 | System | 976 | 3116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:09 AM | 8a97e6d0-a2af-48ae-8bc2-ffc865cc4df6 | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | PnP | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter #2' is halting | 6 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2279 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 4 | 1984 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport Microsoft Hyper-V Network Adapter #2, {518CDFA4-5492-4D9E-BEAA-908825A4A289}, had event Network Interface deleted while PNP Device still exists. Note that this event is provided for informational purpose and might not be an error always (Eg: In case of vSwitch which was recently un-installed or a LBFO team was removed) | 10317 | 0 | | 2 | 2 | 0 | 2305843009213710358 | 2278 | Microsoft-Windows-NDIS | cdead503-17f5-4a3e-b7ae-df8cc2902eb9 | System | 976 | 3116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:09 AM | 518cdfa4-5492-4d9e-beaa-908825a4a289 | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | PnP | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x8'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) | 134 | 0 | | 3 | 0 | 0 | -9223372036854775808 | 2277 | Microsoft-Windows-Time-Service | 06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb | System | 1244 | 1800 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:48:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Isatap interface isatap.{518CDFA4-5492-4D9E-BEAA-908825A4A289} is no longer active. | 4201 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2276 | Microsoft-Windows-Iphlpsvc | 66a5c15c-4f8e-4044-bf6e-71d896038977 | System | 976 | 1376 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Miniport NIC 'Microsoft Hyper-V Network Adapter #2' paused | 10 | 0 | | 4 | 1003 | 0 | -9223372036854775808 | 2275 | Microsoft-Windows-Hyper-V-Netvsc | 152fbe4b-c7ad-4f68-bada-a4fcc1464f6c | System | 976 | 3116 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Network Setup Service service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2274 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:48:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Microsoft-Windows-Kernel-PnP/Configuration log file was cleared. | 104 | 0 | | 4 | 104 | 0 | -9223372036854775808 | 2273 | Microsoft-Windows-Eventlog | fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148 | System | 436 | 1136 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:48:09 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Log clear | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the VIA StorX Storage RAID Controller Windows Driver service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2272 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:07 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the vsmraid service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2271 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:07 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the Microsoft Universal Flash Storage (UFS) Driver service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2270 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:05 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the Microsoft Standard NVM Express Driver service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2269 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:05 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the stexstor service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2268 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:05 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the SiSRaid4 service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2267 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:05 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the SiSRaid2 service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2266 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:05 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the Microsoft Storage Class Memory Bus Driver service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2265 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:04 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the SBP-2 Transport/Protocol Bus Driver service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2264 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:04 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the QLogic [FCoE] STOR Miniport Inbox Driver (wx64) service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2263 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:04 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the QLogic iSCSI Miniport Inbox Driver service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2262 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:04 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the QLogic Fibre Channel STOR Miniport Inbox Driver (wx64) service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2261 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:04 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the percsas3i service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2260 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:03 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the percsas2i service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2259 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:03 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the pcmcia service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2258 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:03 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the nvraid service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2257 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:03 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the nvstor service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2256 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:02 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the QLogic 10 Gigabit Ethernet Adapter VBD service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2255 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the QLogic Network Adapter VBD service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2254 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:59 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the mvumis service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2253 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the Microsoft Standard SATA AHCI Driver service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2252 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:58 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the pciide service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2251 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:57 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the megasr service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2250 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:55 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the megasas2i service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2249 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:55 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the megasas service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2248 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:55 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the isapnp service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2247 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:51 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the LSI_SSS service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2246 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:51 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the LSI_SAS3i service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2245 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:50 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the LSI_SAS2i service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2244 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:50 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the LSI_SAS service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2243 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:50 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the Intel RAID Controller Windows 7 service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2242 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:49 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the Intel(R) SATA RAID Controller Windows service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2241 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:49 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the HpSAMD service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2240 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:49 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the elxstor service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2239 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:48 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the elxfcoe service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2238 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:48 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2237 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:48 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the cht4iscsi service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2236 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:47 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the QLogic Offload iSCSI Driver service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2235 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:47 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the QLogic FCoE Offload driver service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2234 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:46 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the bfadfcoei service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2233 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:46 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the bfadi service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2232 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:46 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the Adaptec SAS/SATA-II RAID Storport's Miniport Driver service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2231 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:46 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the amdsbs service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2230 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:45 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the amdxata service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2229 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:45 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the amdsata service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2228 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:45 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the ADP80XX service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2227 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:45 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The start type of the 3ware service was changed from demand start to boot start. | 7040 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2226 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:47:45 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Update Orchestrator Service for Windows Update service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2225 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:47:40 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Windows Update service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2224 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:47:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The User Access Logging Service service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2223 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:47:35 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Distributed Transaction Coordinator service entered the stopped state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2222 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:47:34 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The AppX Deployment Service (AppXSVC) service entered the running state. | 7036 | 0 | 16384 | 4 | 0 | 0 | -9187343239835811840 | 2221 | Service Control Manager | 555908d1-a6d7-4695-8e1e-26931d2012f4 | System | 656 | 732 | WIN-5T344G8GM1H | | 1/19/2018 9:47:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Setup log file was cleared. | 104 | 0 | | 4 | 104 | 0 | -9223372036854775808 | 2220 | Microsoft-Windows-Eventlog | fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148 | System | 436 | 1136 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:47:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Log clear | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The Application log file was cleared. | 104 | 0 | | 4 | 104 | 0 | -9223372036854775808 | 2219 | Microsoft-Windows-Eventlog | fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148 | System | 436 | 1136 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:47:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Log clear | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The System log file was cleared. | 104 | 0 | | 4 | 104 | 0 | -9223372036854775808 | 2218 | Microsoft-Windows-Eventlog | fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148 | System | 436 | 1136 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:47:33 AM | | | system | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Log clear | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |