| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 855 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4720 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:27:52 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 854 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4720 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:26:52 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 853 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4720 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:25:52 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1916; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 852 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1916 | 2216 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:24:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 851 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 1280 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:24:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7AD99ECF-FDCF-4741-A8FA-08AFA6CE609A}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=468309133; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 850 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:23:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A11A5D51-963D-4CD0-BC18-EE0396A654DC}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-7d1f3d74-4e01-4dc9-b278-adbb48913c96"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 849 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:23:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {90E0C137-B755-4DB5-9470-B1141133C023}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-7d1f3d74-4e01-4dc9-b278-adbb48913c96",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 848 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:23:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1597319A-9D68-4259-B071-5A54604B804F}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{D927A966-C0F7-47D4-A495-ABE7E0C91784}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 847 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:23:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9ECEB156-9A54-4478-875C-35D6ABB49BBA}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1083691750; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 846 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:23:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D9CAFB52-BE87-4C71-B96E-A78E5948D364}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-26771d80-51b0-4a99-a223-cce726b0f3f0"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 845 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:23:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5C7DDF4F-CC11-4669-82CD-3F3C0B186D9C}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-26771d80-51b0-4a99-a223-cce726b0f3f0",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 844 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:23:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2752; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 843 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2752 | 3368 | hv-cinder-81268 | S-1-5-19 | 6/30/2022 1:23:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 842 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 1280 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:23:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 841 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 1280 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:22:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1985F82B-A2BF-4D43-A1F1-D632EB7207BB}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1937828593; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 840 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:22:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {91348CE8-6700-4BF6-B775-148888366CA3}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-07726e32-1893-4c06-9c00-59a92c5c96da"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 839 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:22:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {780BD846-1F4C-4C6D-B6CF-63ADF7819B41}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-07726e32-1893-4c06-9c00-59a92c5c96da",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 838 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:22:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2752; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 837 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2752 | 3368 | hv-cinder-81268 | S-1-5-19 | 6/30/2022 1:22:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 836 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 1280 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:22:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 835 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 1280 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:21:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 834 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 1280 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:21:22 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {3F494E90-24B7-4C8A-ABB2-9308D24B839B}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=668373108; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 833 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:21:20 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4664; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 832 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4664 | 4516 | hv-cinder-81268 | S-1-5-19 | 6/30/2022 1:21:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 831 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 1280 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:20:52 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {173B386E-D65E-4D65-8682-DED475DF4405}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=245486881; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 830 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:19:54 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {66225CD8-7F7D-439C-A2FC-A437247AFCB9}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=911718174; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 829 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:19:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {556F61EC-A318-4243-B726-3AE49C4DF5D7}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{3A2BDA0A-9816-4420-8FFB-2CB0ED5B23E2}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 828 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:19:15 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A8ABB646-463E-4B26-9939-0A9B01685BA8}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=950371968; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 827 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:18:56 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F07BB93A-E256-4D8A-8D19-03082A25793A}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-7d1f3d74-4e01-4dc9-b278-adbb48913c96"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 826 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:18:56 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {CE75504C-7733-4E60-BD40-FD34793CDB08}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1400431538; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 825 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:18:55 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {223D8C77-4AAC-4F14-AFCC-A3CC9E0C92C6}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-7d1f3d74-4e01-4dc9-b278-adbb48913c96",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 824 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:18:55 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {721F5685-4EDC-4CCC-9BCF-FF1DE4B0CFA8}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{CBC9A5F7-6622-46A0-8688-471B03E6C6E9}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 823 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:18:50 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 822 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 1280 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:18:50 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {8B1C20F5-8C79-4C6D-B136-105EFCCE7B3C}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{6CCB1DA5-DFC4-4EB9-8FBF-E6AD469A463F}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 821 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:18:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D5F1B674-C69B-40B4-8FC3-04E3E63BDC3F}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{DF62DEE1-7A56-490B-95D7-69236879FBF2}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 820 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 928 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:18:41 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {2D213776-2043-4D05-BC51-83A8F1E241E2}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{8B89E98C-1C53-4BE4-A54A-5F15B07039BF}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 819 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:18:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {ACCDFFB5-FB85-455F-A392-C2FCD3BF2CA7}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{51092FB0-4282-4D76-8EB8-A00D346B645D}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 818 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:18:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F5B80A72-1556-42A1-B422-8C0E32A8C3CF}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1249578530; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 817 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D3B14508-42E4-4950-ADA8-0AEE23C31EE8}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{9721E8EF-D955-4AF5-B816-1B6CAA8D41B6}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 816 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:58 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {AFCB31C8-61A8-4161-BF29-78CB4EB3234F}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=398889359; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 815 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:50 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B833DE6E-0C70-460B-A255-9788B6722A74}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1453156708; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 814 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3632 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {6D24E3A5-303C-4D84-A299-A514B99CA98E}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1526291997; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 813 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {40B27FE0-6D7A-4054-BCA8-DCD7194C4D8A}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{2770650A-958C-4940-8E52-074BE099147C}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 812 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E74D15F6-113D-4414-BFB8-1EFB3D7D1EEE}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{2EE28FA9-3119-4430-A843-F5E2D4AC2585}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 811 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {6331815A-7566-4F8F-9417-48B6DC7DEF6C}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1459961247; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 810 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3632 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5DB24083-B105-4787-9098-62F6A019F670}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1552503625; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 809 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {12A0DBF7-7829-4035-9C47-4F9CB3DD8B5C}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=384641496; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 808 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {33F36E92-412F-40DA-901B-DF3A0A9D7CC8}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{E6DDE246-9707-4D7C-8F97-5614EA054851}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 807 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1D67A866-1A73-40C1-BB2E-AF2331F37518}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=347098844; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 806 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3632 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0DA1A58D-DF6F-485A-95D0-50726E63A64E}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{C72A1493-8C2C-4BC5-835B-520075E72FC1}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 805 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3632 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D7FB3AA8-2756-4C2A-B628-7576D8336323}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{72AA8EFD-7D4C-4D1D-9A1A-B28E8F9407B3}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 804 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7B574E90-4DFF-4784-B475-B0BCABB8AACC}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=820125382; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 803 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {2879690F-F5F9-4748-A67F-D5765DED6C19}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1535330932; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 802 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:22 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E942D601-A7D4-4793-A9CF-2A719BF92FB3}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{222BD12A-17B0-4689-9754-9C561583559D}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 801 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {687DFF9F-8EF8-4B46-82D9-D7AAB8700ABC}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1970780093; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 800 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:16 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9AC8A9D5-40F7-4315-BA5E-3BFD95A3EB44}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2086107842; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 799 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C7600801-6CDF-4A49-8DA4-871850FF0C01}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1406217733; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 798 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3632 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C49C56B2-2923-4C19-985C-546ED87DCDE2}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2049523269; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 797 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3632 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E4C0E0D7-69C1-4679-911F-F06241DED986}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=124212905; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 796 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {831F1C7E-C277-49A4-BF75-D868D787DF65}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1633800462; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 795 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {21B5BCFA-CBA5-491B-888F-367948EC1F3A}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1081298014; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 794 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:17:08 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {34F8F67B-87C2-4013-8DE2-F7D0C8D10496}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1663321630; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 793 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B7D8845A-BD17-4614-8F56-891CC0814162}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1934941744; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 792 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:58 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1F5D8EF7-B6E1-4CAC-B0DA-FE276B6FA3C2}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=273935679; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 791 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:58 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1D464649-DB95-4C2F-A1A2-50E08F1CECEE}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=120368279; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 790 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:58 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {230934DE-EB86-4434-8C6D-026092A2A385}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{04A871A0-1BC3-44CD-A07B-3EFC8F0D561C}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 789 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:57 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0A9A4690-ACE6-4453-AA1F-330777F63341}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1852486387; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 788 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:57 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {60F5252F-CCE7-4857-94FD-FFB092B70C65}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=161019486; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 787 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:56 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C3EDCF5A-37D1-4556-93A0-354CEC9589DB}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1518150275; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 786 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1611BEA1-AAD0-4E59-A1AA-B4320391BB35}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{033FFA9B-76EC-484A-A11A-E7B3C8B00E8E}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 785 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3688 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {885043B9-805B-45E5-A20E-9EA3766E3DAE}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{23365C80-A900-44E3-A9C6-B4AF35A61346}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 784 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7A99E2E5-E5CC-4AFD-9E7E-B24B4A599B61}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-2b19d2fa-5118-40cd-8131-d84b1e221428"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 783 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {2E7D5BF0-3928-4D34-896E-F1DF2C8E5B38}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-2b19d2fa-5118-40cd-8131-d84b1e221428",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 782 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {3E619D21-A01A-425B-BC19-33AFAA62A13F}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1783209374; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 781 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4F14659F-08C7-4C94-ADCE-C7DF773C1D3D}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=711218545; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 780 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:25 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {30C2A128-DC47-42C7-9F3C-6D3A495E5233}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=202337317; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 779 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:15 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {DA26896E-7379-4D5B-B096-B3C7C86A2382}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-894dd0d8-709d-455d-906a-9064f14f2cb7"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 778 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {296A0981-A932-4226-9EF0-3967C10E8824}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-894dd0d8-709d-455d-906a-9064f14f2cb7",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 777 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E70CA51A-8DC8-44C7-8DF2-ACFD8DBFADEF}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1261764552; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 776 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F4081EF6-D511-48D7-BA68-4751F1B344F7}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=286634857; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 775 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:10 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B67FA346-3496-455B-ADDF-EED6DF5EEB60}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=147875243; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 774 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7A102EF4-A503-4C9E-AF84-F8748218E65E}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-eb1404c0-4e06-4b6d-8d3a-8929efd80ef2"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 773 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:03 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D7E2C644-FF56-4256-8DA3-813CB6F1E1E7}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-eb1404c0-4e06-4b6d-8d3a-8929efd80ef2",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 772 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:03 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7872CF52-EF89-488E-8426-1191D3EB1681}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-82118f9d-4334-49ea-9baa-3ef79b3fd5ed"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 771 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3632 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0FCC71F6-1877-4E84-A763-61871D495DC6}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-82118f9d-4334-49ea-9baa-3ef79b3fd5ed",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 770 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:16:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 769 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4388 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:15:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4A7F56FC-7BC4-4D12-8E30-2240C1C512B9}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1630252326; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 768 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:15:02 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {40A80FB8-FDB2-4649-8D98-3B4BB1E8D88D}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1105321570; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 767 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3688 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:15:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E9E58000-3335-4443-9224-21779AC90C00}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{AA19F483-74F2-4A99-A151-F2A6CECBEBD2}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 766 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:14:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E65701B7-3A1A-42E2-B554-AFFA49756C0B}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-40e35279-50a5-4940-8875-52455e5b54ab"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 765 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:14:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {2709F22C-DFC5-4741-81EB-C595EC099658}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-40e35279-50a5-4940-8875-52455e5b54ab",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 764 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3632 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:14:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B505C5EE-7CD8-4BF4-8496-E4A447EA79FB}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=116907996; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 763 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:14:20 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {690A5049-E62B-4B4C-AA8C-62D38D1DF43B}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1207938503; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 762 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:14:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6A3846E-2F73-492E-917E-2AC0CB2511CD}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1575443314; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 761 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:14:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0B36E1FF-16A5-4FE3-A390-CAD7C28973BA}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=188346486; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 760 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:14:04 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F2089D6D-4A85-4F93-A1B9-46B59B3F9880}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=3743689; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 759 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:14:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 758 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4388 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:14:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9EE802BF-0435-408A-9951-12149BDDC9E9}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-894dd0d8-709d-455d-906a-9064f14f2cb7"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 757 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:13:41 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7885E98E-2829-44A8-8D39-016D802F6E8D}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-894dd0d8-709d-455d-906a-9064f14f2cb7",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 756 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3632 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:13:41 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {EFC629F1-2158-4C88-A8D0-00D11694AE84}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=324165041; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 755 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:13:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {77AD3B79-65BD-4971-8DF4-0F33F80C7B7C}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2008923991; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 754 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:13:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {AA261543-6F99-410D-B9F6-46BA9A1770FF}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-11e92339-2224-4deb-a806-a813eff4d326"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 753 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:13:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {284BC0AE-5905-44BB-B8B4-8BD2F9ADED2B}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-11e92339-2224-4deb-a806-a813eff4d326",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 752 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:13:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4664; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 751 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4664 | 4516 | hv-cinder-81268 | S-1-5-19 | 6/30/2022 1:13:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 750 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4388 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:13:26 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {569CA7A5-FA59-45E7-908D-60A4E8C11C7D}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-cfaf76b9-2698-4a96-9341-197cda0e78f4"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 749 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:12:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0F59DF40-5B7D-4BAF-AD34-B69A515B86AF}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-cfaf76b9-2698-4a96-9341-197cda0e78f4",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 748 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:12:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E35FB33F-4526-4A4C-B03A-3170ECE96909}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-1097e130-581f-4a40-a8e5-90dc1e3a2728"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 747 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:12:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {32EF54AB-9285-46EA-9375-4115FFFED535}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-1097e130-581f-4a40-a8e5-90dc1e3a2728",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 746 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:12:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4F333EF5-2F57-4C7B-BAE3-2DBE4C1DE36D}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-60ddd9f7-9575-4160-ae1e-e99bfeaab0ae"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 745 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:12:03 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {407FBE57-58E6-411A-A5AA-2D66EABBA21C}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-60ddd9f7-9575-4160-ae1e-e99bfeaab0ae",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 744 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:12:03 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A1633684-C409-4EBB-8922-0041FCED77D0}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1103728524; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 743 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:50 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {2915C854-7617-4804-A937-EC2356F07280}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1525482448; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 742 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E42A0B58-F89C-4B56-975E-66976CFD33C9}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=75422724; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 741 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7FAD71E6-2F75-42A2-B3DA-AE2C46CA0E95}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{E97245AC-2F25-485B-9331-C9205FAE72B1}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 740 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0ADEB9B9-CF68-4392-B69D-DDD151AFDF82}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1257013064; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 739 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:45 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D4D38BFB-7B92-4324-9791-3595E8EAA153}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{73022D36-629A-4215-BA20-AD2C7666E6F2}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 738 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:44 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A001314C-A6D6-4FF4-957B-5E7137DDA34D}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1135556565; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 737 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {216460B0-56E8-46ED-A80A-EF9B90849BF8}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=527087966; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 736 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FB2A05EC-63FA-4AF3-A7A7-0BE196E8AE3E}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1261295194; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 735 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B0BF05AF-19B9-4FB2-B21F-4BB2819EF6AB}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=513538064; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 734 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 733 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4388 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:11:25 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {BF4154CC-C08E-48C6-8887-2883A6773EF3}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-a9aa38c9-6532-45a5-ab4a-6db36049e113"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 732 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:19 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A7655594-6B1F-4857-B83F-38B6E88E6314}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-a9aa38c9-6532-45a5-ab4a-6db36049e113",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 731 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:18 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0DD4FB9E-33E3-4E54-8511-4C083593AA1D}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{9ACA6D32-146B-45BB-91B7-01866299434A}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 730 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:16 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {272CACC8-EF04-49D5-941E-9B940F1C0B48}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{D630DDB8-8936-49DF-A266-A130F8203467}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 729 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:15 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B4D420B3-120A-4405-8176-650845A29E84}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{041FB02B-65E7-41BB-93A5-CDFFE49CA410}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 728 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:11:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4664; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 727 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4664 | 4516 | hv-cinder-81268 | S-1-5-19 | 6/30/2022 1:10:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 726 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4388 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:10:52 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {408F12FF-0E48-44A0-812A-92B00B08BE55}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{4E80A191-377F-4105-A9F1-A3E530DD1333}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 725 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:10:07 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {53F482A5-9EAC-4005-89E6-79595F6F923F}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-a36ff5e4-3f96-4d94-9b18-606c12d00f93"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 724 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:09:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {29AB89FC-1FD2-452B-89BB-E4B3C0205319}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-a36ff5e4-3f96-4d94-9b18-606c12d00f93",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 723 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3632 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:09:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {2197EAEA-E727-49DE-B686-BC2635C5AE3D}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{9FD1CD87-5EC1-4A11-BABB-301C90CFB474}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 722 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:09:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {872DDAB8-0C26-454E-92DF-094A52891F23}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{F8F95AB5-E3BC-43EB-B0E1-EE728B838F6E}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 721 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 1640 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:09:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5A138A81-436F-4F6A-BE96-25A6345B1EBC}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{CB1BF0D4-C2A7-45D9-8B30-001A438266F9}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 720 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3856 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:09:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 719 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4388 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:09:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B4DE0DE1-A53A-4C2C-BB53-6EC2C5E9D784}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=497953316; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 718 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {24B1AEF9-4F4C-4DB0-A012-A543DB9A3D8F}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=302800471; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 717 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {DA1A11B8-CAB7-444C-9ED8-35853A225B50}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2098585576; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 716 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:29 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61FD9AF1-DB8B-47D7-9A3C-3E7F4EDF9BD5}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=473892747; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 715 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {CD2977CF-477C-4F10-BE1B-D23999C40B91}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{6122BC29-C0B4-44F3-8D12-9954BEB8614D}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 714 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4160C052-F615-4298-80F5-8703A342349E}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1511280277; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 713 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3712 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:26 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5A2183BA-912D-4DF2-8C30-577EB1BA3666}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{01B21FF7-D5FC-4637-B47B-314E8C6273BF}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 712 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:19 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {6FAA4B19-6553-4CC2-BBC9-397ACFC86F4E}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1679839712; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 711 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:18 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {EC5B2637-38C8-402B-80F4-949A5531A5B1}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=279039046; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 710 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2272 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:18 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {2585B639-4E20-485D-932B-7B37CB65955F}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2124569738; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 709 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2860 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:10 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {EB895F3B-4468-4999-A05C-4C891BD06141}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=269714355; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 708 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:08:08 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E0B4A6FE-930A-47E2-85FE-FE668E24AB60}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=149373962; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 707 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {43D3BDC2-57FA-4514-9B31-BBC3F0C207D4}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=307535829; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 706 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 928 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F5726525-E36F-4D56-8C64-6C93F26101DC}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=294129421; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 705 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:29 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {51AA584F-2D36-4D66-9D9B-44D46A837ED2}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=874545995; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 704 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:29 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {ADEB92B2-DEFE-4AA0-A18E-6CE51A456E95}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{7D365B9C-1E0C-4D32-8344-0F8A7843C290}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 703 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {3ED6A6B7-8E1B-4255-A221-950C6AC3F7A6}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{61EEE4FC-6000-4D5A-8BFB-35B1A76B635E}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 702 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {80CDEE66-40C5-4119-93B5-9549ACE04C14}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1513768284; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 701 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E54E5476-30C8-459E-8B1B-5DDCD759A26B}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1626904781; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 700 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D07C1108-BF40-4117-A021-D7E4641A5D60}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=38568708; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 699 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1A1EB869-9168-4619-B49F-724D09E6ED34}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=13594372; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 698 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A012C12E-89E9-4C8D-BD86-7D9A46437FAC}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1454220866; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 697 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2424 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {EC7EF306-8901-4DD5-A5C1-F50E3DC35BC7}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{B2F8359D-535B-43CF-8AE7-D5FDFF41E4C7}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 696 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:10 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {ED5A7CBD-7CB8-474E-9771-3F1E59322AD7}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=237437540; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 695 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:10 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {6ED3E014-BDA2-4AFE-8723-861C8A633700}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-d1cd560f-fb48-495d-8d96-fc9d5fc0cb0e"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 694 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3492 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C179FF79-9059-4E04-AF30-284FCF8C248F}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-d1cd560f-fb48-495d-8d96-fc9d5fc0cb0e",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81268"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 693 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:07:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {549EDF7B-FC7B-4A52-883C-3A487E6C3784}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=845817118; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 692 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3688 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:58 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FB94D963-2839-4D7F-9394-9F4DCE56C765}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1685881198; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 691 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3856 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:57 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {DB70E19B-853D-44CA-A4CE-3BF014544F3B}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1663341244; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 690 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:54 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {10E3B670-2B2D-46F9-B8D0-34A8703546E1}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1989020961; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 689 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3856 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1C155A37-8243-40A9-885B-159407EB741D}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=642253811; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 688 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:52 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {6E97E3DA-1C74-461A-9FE6-F4DE28ADF4DB}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1120398984; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 687 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3856 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:52 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {203B6B0C-39BE-464F-9E88-6CBD0FAF06A0}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1542554656; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 686 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3688 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:50 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0D612D75-9936-48E3-8CE4-532A8E78F703}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2131632781; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 685 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 4040 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 684 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4388 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:06:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {EE408A41-1F12-4195-916E-0715D7DD2B49}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{6B04E394-7630-4C65-8E96-B58DC05986C2}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 683 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3688 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {11F4AABE-1419-466A-9AE9-FCD5FE985AAE}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1796674365; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 682 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {255A1FE7-0278-4ED0-9EE8-A10559083B59}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=361241222; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 681 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3856 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7BA639BE-74FB-4915-ABA1-AAEE9D343A12}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=538497063; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 680 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 928 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:26 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {3829E572-0965-43E5-A380-149F559E9D3F}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1953555572; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 679 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3856 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:25 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A00DAC96-621D-44F2-B536-E9569203C77B}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1985354646; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 678 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3856 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A22B2D7C-DF35-4189-A708-C4E2BC07528E}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{6B9C95EC-061D-46DD-A02D-DBB897099361}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 677 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 928 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {3FECC021-79DA-4780-BA6F-83725D8AB838}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1253133502; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 676 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3856 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {32F998B9-C42B-433C-85A9-B9373EDBABBD}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1914069736; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 675 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 928 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1EC50204-0F03-4058-B5C6-86138655E07A}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=420312982; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 674 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5BFFD212-592E-470B-B037-3813357FA4E9}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=205487076; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 673 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3688 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:04 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E56CB362-CF80-420D-A476-7202A5A3CF22}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=809777540; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 672 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:04 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1E069AD1-67FB-4F83-8172-22404EF98E70}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1225981091; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 671 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3836 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:03 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FEC98799-612E-4391-8022-0E4BE0214FDD}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=325731339; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 670 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3688 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:02 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {CEF12E88-A427-49EB-9885-1C5F55905165}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{80F3DBF2-B8BD-4CD1-A8D6-C4677292C076}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 669 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 928 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:01 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {2131401C-4C74-4817-A04F-3D8A7366C6C0}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=919340816; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 668 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3688 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {EA6AB317-54A3-4A5D-8849-666028B53E5A}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1050073666; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 667 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3688 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:06:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {32099EBF-8A7D-4F75-A7CD-A6C5B554BD74}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=789698334; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 666 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 928 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:05:55 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5894F8AF-0815-414B-947B-8C71CD694E88}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3384; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{AFCAB370-3E4E-4EF2-9BFB-45116C14E046}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 665 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 928 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:05:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 664 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 1280 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:05:44 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4664; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 663 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4664 | 4516 | hv-cinder-81268 | S-1-5-19 | 6/30/2022 1:05:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4996; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 662 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4996 | 2956 | hv-cinder-81268 | S-1-5-19 | 6/30/2022 1:03:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_SyntheticEthernetPortSettingData' ; UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 1292, ClientMachine = HV-CINDER-81268; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 661 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 748 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:03:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_SyntheticEthernetPortSettingData' ; UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 1292, ClientMachine = HV-CINDER-81268; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 660 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 748 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:03:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT EnabledState, TargetInstance FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Msvm_ComputerSystem' AND TargetInstance.EnabledState != PreviousInstance.EnabledState AND (TargetInstance.EnabledState = '2' OR TargetInstance.EnabledState = '3' OR TargetInstance.EnabledState = '32768' OR TargetInstance.EnabledState = '32769'); UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 4792, ClientMachine = HV-CINDER-81268; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 659 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 748 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:03:45 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 658 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4780 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:03:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2640; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 657 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2640 | 3936 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 1:03:19 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 656 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4780 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:03:19 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4600; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 655 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4600 | 4780 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 1:03:18 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2200; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 654 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2200 | 1684 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:57:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4920; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 653 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4920 | 2748 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:56:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4920; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 652 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4920 | 884 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:56:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4920; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 651 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4920 | 2748 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:56:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3364; ProviderPath = %systemroot%\system32\wbem\msiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 650 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3364 | 3392 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:35:18 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5064; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 649 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5064 | 5092 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:34:57 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FAA4B916-8C7C-0004-BABC-A4FA7C8CD801}; ClientMachine = HV-CINDER-81268; User = HV-CINDER-81268\Admin; ClientProcessId = 3892; Component = Core; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x800706BE; PossibleCause = Could not send status to client | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 648 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3688 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:31:44 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FAA4B916-8C7C-0004-BABC-A4FA7C8CD801}; ClientMachine = HV-CINDER-81268; User = HV-CINDER-81268\Admin; ClientProcessId = 3892; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 647 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2756 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:31:44 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FAA4B916-8C7C-0004-BABC-A4FA7C8CD801}; ClientMachine = HV-CINDER-81268; User = HV-CINDER-81268\Admin; ClientProcessId = 3892; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceModificationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 646 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2756 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:31:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; UserName = HV-CINDER-81268\Admin; ClientProcessID = 3892, ClientMachine = HV-CINDER-81268; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 645 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2756 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:31:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceModificationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; UserName = HV-CINDER-81268\Admin; ClientProcessID = 3892, ClientMachine = HV-CINDER-81268; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 644 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2756 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:31:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 664; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 643 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 664 | 3800 | hv-cinder-81268 | S-1-5-19 | 6/30/2022 12:31:41 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 642 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 1032 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:31:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSiSCSITargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 704; ProviderPath = C:\windows\system32\wbem\SmIscsiTargetProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 641 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 704 | 3652 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:31:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3896; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 640 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3896 | 3860 | hv-cinder-81268 | S-1-5-19 | 6/30/2022 12:31:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3364; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 639 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3364 | 3392 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:31:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSiSCSITargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 704; ProviderPath = C:\windows\system32\wbem\SmIscsiTargetProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 638 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 704 | 3504 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:31:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 637 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2932 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:31:25 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| wfascim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\wfascim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 636 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 1032 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:31:21 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1268; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 635 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1268 | 4052 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 634 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2932 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:30:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 604; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100C; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 633 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2748 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:19 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 604; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100C; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 632 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2748 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:19 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| wmiprov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3364; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 631 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3364 | 3392 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:19 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = HV-CINDER-81268\cloudbase-init; ClientProcessId = 2520; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT RemainingWindowsReArmCount, KeyManagementServiceListeningPort, KeyManagementServiceDnsPublishing, KeyManagementServiceLowPriority, ClientMachineId, KeyManagementServiceHostCaching, Version FROM SoftwareLicensingService; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 630 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2060 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:15 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| SppProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %SystemRoot%\System32\sppwmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 629 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2932 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:30:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 628 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 984 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 627 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2060 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 626 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 984 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 625 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2932 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 624 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 984 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 623 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 1732 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 622 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 984 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 621 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 984 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 620 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 984 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 619 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 1732 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 618 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 1732 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 617 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 1732 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 616 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2932 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:30:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 615 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2060 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:03 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\CIMV2 : SELECT SMBIOSAssetTag FROM Win32_SystemEnclosure ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 614 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2060 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:30:01 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1496; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 613 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2060 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:54 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1268; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 612 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1268 | 1160 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %windir%\system32\wbem\servercompprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 611 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2932 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:29:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 610 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 609 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 608 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 607 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 606 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 605 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 604 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 603 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 602 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 601 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 600 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 599 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 598 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 597 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 596 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 595 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 594 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 593 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 592 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 591 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 590 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 589 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 588 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 587 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 586 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 585 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 584 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 583 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 582 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 581 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 580 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 579 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 578 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 577 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 576 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 575 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 574 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 573 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 572 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 571 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 570 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 569 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 568 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 567 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 566 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C6E6E94E-F76C-4BBA-8700-589116A4C6D4}; ClientMachine = HV-CINDER-81268; User = ; ClientProcessId = 600; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 565 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:42 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 564 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2932 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:29:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 600; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 563 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:34 PM | faa4b916-8c7c-0003-4cb9-a4fa7c8cd801 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 562 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2744 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 561 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 3740 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3364; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 560 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3364 | 3392 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3364; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 559 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3364 | 3392 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 558 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2864 | hv-cinder-81268 | S-1-5-20 | 6/30/2022 12:29:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2560; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 557 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2748 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81268; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1780; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User : __Namespace.name="S_1_5_21_2335864033_4166916379_1806043422_500"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 556 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 600 | 2748 | hv-cinder-81268 | S-1-5-18 | 6/30/2022 12:29:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-61KKTAQ171A; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2060; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100A; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 555 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 540 | 940 | WIN-5T344G8GM1H | S-1-5-18 | 6/30/2022 12:28:41 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-61KKTAQ171A; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2060; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100A; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 554 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 540 | 940 | WIN-5T344G8GM1H | S-1-5-18 | 6/30/2022 12:28:41 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-61KKTAQ171A; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2172; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 553 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 540 | 2452 | WIN-5T344G8GM1H | S-1-5-18 | 6/30/2022 12:27:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-61KKTAQ171A; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1788; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select * from Win32_OperatingSystem; ResultCode = 0x8004100A; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 552 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 540 | 2448 | WIN-5T344G8GM1H | S-1-5-18 | 6/30/2022 12:27:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4848; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "RNDISMPStatisticsOID"; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 551 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 3432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:09 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4848; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "C:\\windows\\System32\\drivers\\en-US\\netvsc.sys.mui[NdisMofResource]"; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 550 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 3432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:09 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 549 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4460 | 5048 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:46:31 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 548 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4460 | 5048 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:46:31 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4848; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 547 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4848 | 4776 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:45:30 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4956; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\Defender : SELECT * FROM MSFT_MpComputerStatus; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 546 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 1176 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:42:52 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| ProtectionManagement provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = "%ProgramData%\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\ProtectionManagement.dll" | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 545 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3752 | 2228 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:42:52 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MsNetImPlatform provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\ndisimplatcim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 544 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 3064 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:42:52 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4120; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 543 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4120 | 4148 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:42:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 542 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 1292 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:42:48 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 541 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3752 | 2228 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:42:48 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 540 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 3064 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:42:48 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 539 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 3064 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:42:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 538 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 3064 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:42:16 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4120; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 537 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4120 | 4148 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:43 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 536 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 1292 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:39 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 535 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3752 | 2228 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:39 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 534 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 2812 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:39 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 976; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 533 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2172 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | ad8d0f9c-9109-0001-0a10-8dad0991d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 532 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 531 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 388 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 530 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 529 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 528 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 527 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 526 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 525 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 524 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 523 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 522 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 521 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 520 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 519 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 518 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 517 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 516 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 515 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 514 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 513 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 512 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 511 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 510 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 509 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 508 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 507 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 506 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 505 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 504 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 503 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 502 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 501 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 500 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 499 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 498 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 497 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 496 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 495 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 494 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 493 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 492 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 491 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 490 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 489 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 488 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 487 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 486 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 485 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 484 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 2848 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:31 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2204; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 483 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2692 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3176; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 482 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3176 | 1548 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:40:26 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_RegisteredSubprofile; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 481 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_SubProfileRequiresProfile; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 480 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_RegisteredProfile; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 479 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ReferencedProfile; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 478 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementSoftwareIdentity; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 477 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementConformsToProfileEx; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 476 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementConformsToProfile; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 475 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\cimv2\storage\ms_409 : __Namespace.Name='iscsitarget'; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 474 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 473 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4084 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2712; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 472 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2712 | 592 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2712; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 471 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2712 | 592 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:38:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 470 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4348 | 2924 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:35:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4444; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 469 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4444 | 4516 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:35:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 468 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4348 | 4632 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:35:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 467 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4348 | 4632 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:35:41 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 466 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4348 | 4632 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:35:41 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 465 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4824 | 1600 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:34:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1548; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 464 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1548 | 2160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:34:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 463 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4824 | 1600 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:34:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 462 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4824 | 4808 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:34:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 764; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 461 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 764 | 1020 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:33:46 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 460 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4824 | 4808 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:32:20 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 459 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4824 | 4808 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:32:20 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 458 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4084 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:31:16 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1520; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 457 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1520 | 2704 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:29:44 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1520; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 456 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1520 | 2704 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:29:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4693033F-66F0-46C4-8E27-99621765768B}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4124; Component = Core; Operation = Start IWbemServices::ExecMethod - root\microsoft\windows\servermanager : MSFT_ServerManagerTasks::GetServerFeature; ResultCode = 0x800706BE; PossibleCause = Could not send status to client | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 455 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2716 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4693033F-66F0-46C4-8E27-99621765768B}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4124; Component = Unknown; Operation = Start IWbemServices::ExecMethod - root\microsoft\windows\servermanager : MSFT_ServerManagerTasks::GetServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 454 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4608; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 453 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4608 | 4636 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:30 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 452 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2872 | 2896 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:26 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4344; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 451 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4344 | 4368 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:26 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 450 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2872 | 2900 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:25 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 449 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2872 | 2900 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:20 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 448 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2872 | 2900 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:19 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 956; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 447 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | aff0bd57-9107-0002-9bbd-f0af0791d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 446 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 445 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 444 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 443 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 442 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 441 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 440 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 439 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 438 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 437 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 436 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 435 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 434 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 433 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 432 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 431 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 430 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 429 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 428 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 427 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 426 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 425 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 424 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 423 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 422 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 421 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 420 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 419 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 418 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 417 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 416 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 415 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 414 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 413 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2868 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 412 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 411 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 410 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 409 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 408 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 407 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 406 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 405 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2868 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 404 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 403 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 402 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 401 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 400 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 399 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 398 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 397 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 396 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 395 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 394 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 393 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 392 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 391 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 390 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 389 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 388 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 387 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 386 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 385 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 384 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 383 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 382 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 381 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 380 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 379 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 378 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 377 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 376 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 375 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 374 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 373 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 372 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 371 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 370 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 369 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 368 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 367 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 366 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 365 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 364 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 363 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 362 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 361 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 360 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 359 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 358 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 357 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 356 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 355 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 354 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 353 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 352 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2872 | 2900 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2336; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 351 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 350 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2360; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 349 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:52 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskState; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 348 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 347 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 346 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 345 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 344 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 343 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 342 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 341 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 340 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 339 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 338 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 337 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 336 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 335 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 334 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 333 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 332 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 331 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 330 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 329 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 328 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 968; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 327 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | 96ed06e7-9107-0000-3d07-ed960791d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 326 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualDiskChangedRange; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 325 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VHDSSnapshotInformation; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 324 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VHDSetInformation; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 323 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 322 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 321 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 320 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 319 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 318 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 317 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 316 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 315 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 314 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 313 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 312 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 311 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualDiskChangedRange; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 310 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VHDSSnapshotInformation; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 309 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VHDSetInformation; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 308 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 307 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 306 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 305 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 304 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 303 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 302 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 301 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 300 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 299 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 298 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 297 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 296 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 295 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2840 | 2880 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:26:46 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 294 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2840 | 2880 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:26:44 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 293 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2840 | 2864 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:26:42 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 308; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 292 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2620 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:25:03 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 308; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 291 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:25:02 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2528; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 290 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2528 | 3456 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:24:56 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 289 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2508 | 4092 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:24:53 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2736; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 288 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2736 | 3804 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:24:53 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 287 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2508 | 4092 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:24:53 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 286 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2508 | 2824 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:24:53 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3200; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 285 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3200 | 3644 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:15 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 284 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2920 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:23:12 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2540; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 283 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2540 | 3240 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:12 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 282 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2884 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:23:11 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 281 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2884 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:23:05 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 280 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2884 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:23:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 956; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 279 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2916 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | 17f2f0cc-9107-0002-12f1-f2170791d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 278 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2908 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 277 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2884 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:23:02 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3808; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 276 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3808 | 4032 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:14:59 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 275 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2664 | 2720 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:14:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2972; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 274 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2972 | 156 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:14:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 273 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2664 | 2720 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:14:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 272 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2664 | 1584 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:14:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 1860; Component = Unknown; Operation = Start IWbemServices::PutInstance - root\cimv2 : Win32_ComputerSystem.Name="WIN-5T344G8GM1H"; ResultCode = 0x80041001; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 271 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1180 | 4136 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:11:39 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4368; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 270 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4368 | 4496 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:10:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1784; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 269 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1784 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:05:00 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 268 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 952 | 452 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:04:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1152; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 267 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 1396 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:04:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 266 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 952 | 452 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:04:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 265 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 952 | 1000 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:04:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3176; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 264 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3176 | 3364 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:58:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 263 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4672 | 4700 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:57:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 262 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4672 | 4700 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:57:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 88; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 261 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1180 | 1284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:56:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 260 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4672 | 4700 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:56:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1180; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 259 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1180 | 4340 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:56:46 AM | 289cfce6-9103-0003-f9fd-9c280391d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 258 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1180 | 4340 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:56:46 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 257 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4008 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:55:06 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 256 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4008 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:55:05 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 255 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3688 | 3696 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:55:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 254 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4020 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:54:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4024; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 253 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4024 | 4052 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 252 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4008 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:54:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 251 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 3996 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:54:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3880; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 250 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3880 | 3916 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:54:38 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7C5C4FFB-9102-0000-4A51-5C7C0291D301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 1192; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 249 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1192 | 3004 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:34 AM | 7c5c4ffb-9102-0000-4a51-5c7c0291d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1200; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 248 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1200 | 2840 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:03 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 1192, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 247 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1192 | 2792 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:27 AM | 7c5c4ffb-9102-0001-8851-5c7c0291d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1192; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 246 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1192 | 2792 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:27 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1192; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 245 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1192 | 2796 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:51:57 AM | 7c5c4ffb-9102-0001-5f51-5c7c0291d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 244 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1192 | 2796 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:51:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 243 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3832 | 3932 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:51:38 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 242 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3832 | 3872 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:51:37 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 428; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 241 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 428 | 1316 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:51:13 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 240 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3832 | 3872 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:51:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3888; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 239 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3888 | 3916 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:51:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 238 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3832 | 3872 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:51:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 237 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3832 | 3860 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:51:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4796; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 236 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4796 | 840 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:45:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2284; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 235 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2284 | 2676 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:44:15 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 234 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2548 | 2728 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:44:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2300; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 233 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2300 | 4360 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:44:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 232 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2548 | 2728 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:44:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 231 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2548 | 3736 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:44:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1052; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 230 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1052 | 4868 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:36:56 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3184; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 229 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3184 | 404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:15 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 228 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 4616 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:14 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4600; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\WMI : SELECT * FROM BatteryStaticData; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 227 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 4904 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:14 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4600; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\WMI : SELECT * FROM BatteryFullChargedCapacity; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 226 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 4904 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:13 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| PowerWmiProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SYSTEMROOT%\system32\PowerWmiProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 225 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1368 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:13 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 224 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1368 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:11 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 223 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1368 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:11 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 222 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1368 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2920; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 221 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2920 | 4532 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:34:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 220 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1368 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 219 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9A81CB05-910F-0003-8ACC-819A0F91D301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 964; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 218 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 4228 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:15 AM | 9a81cb05-910f-0003-8acc-819a0f91d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 217 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 1824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 216 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 5076 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 215 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 214 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 5076 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 213 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 5076 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 212 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 1824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 211 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 5076 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 210 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\CIMV2 : SELECT SMBIOSAssetTag FROM Win32_SystemEnclosure ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 209 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 5076 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:32:59 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 208 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:32:59 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 207 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 2868 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:32:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1912; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 206 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1912 | 3084 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:32:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %windir%\system32\wbem\servercompprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 205 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:32:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 996; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 204 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 996 | 456 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:29:00 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 996; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 203 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 996 | 456 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:29:00 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4324; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 202 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4324 | 3568 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:27:56 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 964, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 201 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 3260 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:26:55 AM | 9a81cb05-910f-0000-a4cc-819a0f91d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 964; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 200 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 3260 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:26:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 199 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3768 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 198 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3768 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:25:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 964; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 197 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 4648 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:25:52 AM | 9a81cb05-910f-0003-4bcc-819a0f91d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 196 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 4648 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:25:52 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 195 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3768 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:24:46 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4124; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 194 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4124 | 4152 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:15 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 193 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3820 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:24:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3084; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 192 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3084 | 3436 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:24:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 191 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3800 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:24:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 190 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3800 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:24:03 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 189 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3800 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:24:03 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3868; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 188 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3868 | 3176 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:37:16 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 187 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2504 | 2192 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:37:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2788; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 186 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2788 | 2624 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 6:37:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 185 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2504 | 2192 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:37:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 184 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2504 | 2440 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:37:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4024; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 183 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4024 | 3868 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:27:16 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 182 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1288 | 3280 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:27:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1500; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 181 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1500 | 2664 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 6:27:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 180 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1288 | 3280 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:27:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 179 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1288 | 4056 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:27:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 652; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 178 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 652 | 1972 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:17:16 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 177 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4032 | 3152 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:17:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 176 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3688 | 3124 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 6:17:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 175 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4032 | 1184 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:17:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 174 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4032 | 1160 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:17:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1088; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 173 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1088 | 4088 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:10:25 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 172 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 1752 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:08:29 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1176; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 171 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 3928 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:08:20 PM | b65c0852-8ef4-0003-8709-5cb6f48ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 170 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 3928 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:08:20 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 169 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 1752 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:07:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 168 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 1752 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:07:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 167 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 4072 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:07:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4076; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 166 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4076 | 1920 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 6:07:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 165 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 4060 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:07:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 164 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:07:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 163 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 162 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 161 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 160 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:06:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 159 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 158 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 157 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 156 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 155 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 154 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 153 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 152 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:06:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 151 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2832; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 150 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2832 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %windir%\system32\wbem\servercompprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 149 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2812 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:06:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4892; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 148 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4892 | 836 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:02:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4256; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 147 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4256 | 4144 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:53:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 146 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4976 | 3800 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:53:24 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5092; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 145 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5092 | 2628 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:53:24 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 144 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4976 | 3800 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:53:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 143 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4976 | 5116 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:53:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {53B2B737-8EF1-0000-6DB9-B253F18ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 1152; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 142 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 4780 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:50:11 PM | 53b2b737-8ef1-0000-6db9-b253f18ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 141 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3688 | 2160 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:46:15 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 1152, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 140 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 4676 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:44:23 PM | 53b2b737-8ef1-0003-feb9-b253f18ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1152; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 139 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 4676 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:44:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 400; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 138 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 2600 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:44:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4212; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 137 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4212 | 4236 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 136 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2796 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:43:29 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 135 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 3216 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:43:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3208; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 134 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3208 | 3308 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 133 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 324 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:43:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 132 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 324 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:43:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 131 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 324 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:43:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1152; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 130 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 2720 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:38 PM | 53b2b737-8ef1-0001-8eb7-b253f18ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 129 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 2720 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A4626349-8EA8-0003-B36D-62A4A88ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 128 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 3696 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:37:24 PM | a4626349-8ea8-0003-b36d-62a4a88ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 127 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 164 | 3628 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:35:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WmiPerfInst provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3868; ProviderPath = C:\Windows\System32\wbem\WmiPerfInst.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 126 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3868 | 1388 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:35:07 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4924; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 125 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4924 | 428 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:04 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WmiPerfClass provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4924; ProviderPath = C:\Windows\System32\wbem\WmiPerfClass.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 124 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4924 | 5928 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:03 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 924, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 123 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2052 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:34:06 PM | a4626349-8ea8-0002-ed6e-62a4a88ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 924; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 122 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2052 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:34:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5028; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 121 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5028 | 5328 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:32:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 120 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5804 | 5824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:32:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3816; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 119 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3816 | 1224 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:32:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 118 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5804 | 5824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:32:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 117 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5804 | 912 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:32:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3180; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 116 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3180 | 804 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:22:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 115 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 5300 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:22:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 888; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 114 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 888 | 5288 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:22:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 113 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 5300 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:22:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 112 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3704 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:22:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5964; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 111 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5964 | 3468 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:12:54 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A4626349-8EA8-0000-8A6D-62A4A88ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 110 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 1992 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:12:41 PM | a4626349-8ea8-0000-8a6d-62a4a88ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 109 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1260 | 1960 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:12:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2736; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 108 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2736 | 2320 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:12:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 107 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1260 | 1960 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:12:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 106 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1260 | 1936 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:12:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 924, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 105 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 3016 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:06:17 PM | a4626349-8ea8-0003-146c-62a4a88ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 924; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 104 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 3016 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:06:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3428; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 103 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3428 | 5844 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:06:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3428; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 102 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3428 | 5844 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:06:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 101 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2768 | 1104 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:05:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 100 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 3704 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:04:01 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 924; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 99 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 3356 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:03:48 PM | a4626349-8ea8-0003-c36b-62a4a88ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 98 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 1768 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:03:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 97 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 3704 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:51 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 96 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 812 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5960; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 95 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5960 | 5988 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 94 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 3084 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2972; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 93 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2352 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 92 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{F9C77450-3A41-477E-9310-9ACD617BD9E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 91 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 90 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 89 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 88 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 87 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 86 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 85 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 84 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 83 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 82 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 81 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 80 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 79 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 78 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 77 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 76 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 75 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 74 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 73 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 72 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 71 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 70 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 69 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{5794DAFD-BE60-433f-88A2-1A31939AC01F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 68 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 67 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 66 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 65 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 64 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 63 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 62 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{25537BA6-77A8-11D2-9B6C-0000F8080861}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 61 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 60 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 59 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 58 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 57 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 56 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2768 | 1124 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 55 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2768 | 1124 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 54 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 53 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 52 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 51 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 50 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 49 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 48 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 47 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 46 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 45 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 44 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 43 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 42 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 41 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 40 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 39 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 38 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 37 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 36 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 35 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 34 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 33 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 32 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 31 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 30 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 29 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 28 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 27 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 26 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 25 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 24 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 23 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 22 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 21 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 20 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 19 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 18 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 17 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 16 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 15 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 14 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 13 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 12 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 11 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 10 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 9 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 8 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3440; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 7 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3440 | 3468 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %windir%\system32\wbem\servercompprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 6 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 3084 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2972; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 5 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2484 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 4 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 3084 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 3 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2436 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:05 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-PD8DQPRRTAO; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2508; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100A; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 2 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 916 | 2392 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-PD8DQPRRTAO; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2508; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100A; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 1 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 916 | 2392 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |