Message	Id	Version	Qualifiers	Level	Task	Opcode	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	RelatedActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	855	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	4860	hv-cinder-81558	S-1-5-20	8/5/2022 10:50:35 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1632; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	854	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1632	96	hv-cinder-81558	S-1-5-18	8/5/2022 10:48:33 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	853	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:48:33 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {180F9ECA-53E0-434D-93BD-00AA68363978}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=669175941; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	852	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:48:11 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {0EC65ACE-90C8-439A-AF1B-A7400DD71837}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-7aef519f-76cb-4dbd-ba5b-5fa2f6b86fb3"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	851	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:48:09 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FEC2A28A-8897-49DA-81AA-73F5BA47762E}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-7aef519f-76cb-4dbd-ba5b-5fa2f6b86fb3",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	850	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:48:09 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BBE65D6D-946A-4B5D-BBAB-868DE23E5929}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{95FFDDDA-4B8B-465A-B970-D6FB28167474}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	849	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:48:05 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {E0C3FB42-6C70-4E2C-819E-0EE6E0A710B7}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1394212896; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	848	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:48:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8614BFF9-ADC4-4209-9BAE-B33B670CEBBA}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-0d7c357d-766e-4387-97be-c6f6a038ed28"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	847	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:48:02 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CA481B35-9E55-4E38-8032-11CEB4EC902F}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-0d7c357d-766e-4387-97be-c6f6a038ed28",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	846	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:48:02 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2136; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll	5857	0		0	0	0	4611686018427387904	845	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2136	3868	hv-cinder-81558	S-1-5-19	8/5/2022 10:48:02 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %SystemRoot%\System32\storagewmi.dll	5857	0		0	0	0	4611686018427387904	844	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:48:00 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	843	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:47:31 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %SystemRoot%\System32\storagewmi.dll	5857	0		0	0	0	4611686018427387904	842	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:45:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll	5857	0		0	0	0	4611686018427387904	841	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:45:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1B388961-97FF-482E-86F1-779CCC21A1CC}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=148025125; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	840	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:45:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4848; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll	5857	0		0	0	0	4611686018427387904	839	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4848	4904	hv-cinder-81558	S-1-5-19	8/5/2022 10:45:40 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	838	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:45:29 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	837	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:44:27 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6D5AC8E8-4F81-412F-9363-4B7ED166893D}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-7aef519f-76cb-4dbd-ba5b-5fa2f6b86fb3"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	836	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2800	hv-cinder-81558	S-1-5-18	8/5/2022 10:43:27 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {94350B68-7FF0-4EBB-8BC6-D651BF4A232E}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-7aef519f-76cb-4dbd-ba5b-5fa2f6b86fb3",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	835	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2800	hv-cinder-81558	S-1-5-18	8/5/2022 10:43:27 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1308; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll	5857	0		0	0	0	4611686018427387904	834	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1308	1816	hv-cinder-81558	S-1-5-19	8/5/2022 10:43:27 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %SystemRoot%\System32\storagewmi.dll	5857	0		0	0	0	4611686018427387904	833	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:43:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	832	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:43:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	831	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:42:24 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %SystemRoot%\System32\storagewmi.dll	5857	0		0	0	0	4611686018427387904	830	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:40:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll	5857	0		0	0	0	4611686018427387904	829	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:40:41 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {AD60A6B5-23EE-4252-9B3D-6C72706415B5}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1144153795; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	828	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:40:18 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CA18C967-95BC-4F04-AA20-FFF1AFA1763A}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{ABB636B5-3A9C-47D4-ADEA-80D81049D806}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	827	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:40:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {ECAA1BAD-A031-466C-B7CB-5243BE1F532A}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{5953EC6C-AC7A-4600-A7DB-193F87068F7F}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	826	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:40:16 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {940C2C58-F469-4DC4-9F32-5E1346FC05C8}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{4F849BED-1427-431D-B9CB-8C5D66112A0F}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	825	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:40:15 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6B31C8C5-6EA3-456D-83B4-9A5246380071}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=729214518; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	824	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F43D67A6-566D-4F99-A2B8-006BAF724DF5}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2033306106; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	823	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:54 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {ADF28904-E914-4426-9F37-518864264899}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1406027022; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	822	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:53 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {2908D116-C6DD-4F05-BF6D-6D87C2B63A1F}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{BA2C0FBE-21ED-40FD-86E6-CC4F855F7DBA}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	821	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:52 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CDFEE871-AF5B-4D65-B05A-66E0A970A35E}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1254963306; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	820	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {B6D7524E-FBD0-4F47-918E-D3E25EABC1AB}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{B1CABF83-CE46-47F1-A013-4426892FD11C}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	819	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {36ED1343-FBBF-4C9F-8171-CB73D2DC36F8}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=359773767; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	818	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {942871F6-A1E5-4A8B-B97D-714A1A6171C8}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1548988909; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	817	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FA3D72E8-CB8B-493D-951B-D610DB8A6AF4}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=732579246; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	816	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:39 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CF5D81A6-1567-459E-B48E-81EDD25F1BD8}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2120763319; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	815	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll	5857	0		0	0	0	4611686018427387904	814	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:39:33 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {90C8CB23-FBF9-4A73-B16E-89AD0DD5CE37}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-0db07ff3-b6c5-4154-bb69-9053d54c9e79"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	813	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:28 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {43F47B1B-C327-44DF-B80B-1B3F1C593485}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-0db07ff3-b6c5-4154-bb69-9053d54c9e79",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	812	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:28 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {DB8254EF-2383-4515-9E4D-4F7DA00BE2E9}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{D679F53B-DBA1-49C4-8204-03DD0C08DC4C}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	811	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:26 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {AA27A2F4-B94C-4847-91CB-F52D5E4DEAA4}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{8B66C09D-AFC7-417D-BDE6-C7A7745099BF}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	810	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7A0CBCAD-E19E-4642-9808-4BF47557F4F3}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{3CDEF1B8-CF2C-4ACD-93D9-AC46A2EE8761}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	809	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:39:24 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BEE1645F-D862-416C-A5A5-61F72C02B448}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{7A06A159-D03F-4D4F-97C2-E31C205A89C4}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	808	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:38:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {0A49C82E-D0F0-46BF-AA54-56BF8D6D6B24}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=787463347; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	807	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:38:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F1E1C9A3-8816-4EF3-B9CC-C051FF3ADA94}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-55217458-3659-4df8-8da3-41ac7f481177"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	806	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:38:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {002FE470-9648-43C1-A910-21B695297487}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-55217458-3659-4df8-8da3-41ac7f481177",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	805	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:38:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {0DA2503B-96F1-4972-B411-32FCB8A29057}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{04CE9154-71C3-4D20-A375-835BEE664A15}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	804	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:38:34 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {43FAEF41-7929-4078-ABB1-EDD328C50B0B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{A65C8D4D-147D-4088-B423-586F2C14DF2A}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	803	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:38:33 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7B577616-AD4F-4A93-AE47-14E27DED6D97}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{10657960-1917-4478-A460-B3D80805C281}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	802	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:38:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D7102A17-57A6-4C52-B542-1EB28248BB8D}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2125384264; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	801	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:38:10 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %SystemRoot%\System32\storagewmi.dll	5857	0		0	0	0	4611686018427387904	800	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:38:09 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CD02DEFE-17D8-447C-B6E3-3B583B2EFD4E}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=583773785; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	799	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:38:05 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5AB44B1F-FF39-4F43-A13D-7F995AD60A91}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{87A49B16-3D17-4E93-88B0-35AFCC51EE51}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	798	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:38:03 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {879E3E85-E7D8-4304-A4C9-C16EBD1E2535}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=881939495; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	797	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {05C671D8-C32D-4A6C-83F1-AC3EAFBC3C52}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{FCBE335E-12EB-438A-B876-D2DF0B5E4487}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	796	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8E041975-2495-448B-97B6-C58F3B1D1274}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{75E3A8CF-2F82-4D84-AA9F-43ACCCBB9A96}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	795	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FDE886F0-D694-4805-8A38-664BC97E2935}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{40DCF553-4513-4F4E-AE8F-7A5770808056}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	794	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CCC4B9ED-391B-4013-8C18-ECF1C1E1F11D}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{53010D09-3EAB-496E-A424-7F9C43C3CBE4}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	793	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:30 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4695E517-AD04-4DFE-A9C6-C734914DD87B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{11E93913-56C9-4382-BF45-BD4CF9A752E4}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	792	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:23 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FEAF8162-2EAC-40BE-B89E-8478B16A83F1}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=45464318; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	791	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:07 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F6BA6802-14A0-4BA6-B6D9-E9E526081503}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=830348516; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	790	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:06 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {EEC2FF3C-91E7-4D34-9984-65C160DDDBC6}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=120382490; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	789	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:05 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BA0CD3CA-75F6-4510-9F91-1C8AE2490805}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1312361396; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	788	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BBADCC2A-4F99-4EA4-B3CC-68FDBD4C2FE6}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{EAB8BDCC-1629-48F9-95AC-883C79F973A3}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	787	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:37:02 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6E314082-231A-4921-97F3-766733FE7C1D}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2100167788; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	786	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8DD08B56-D9BF-49DE-BE6D-C3A6286A7817}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1007508923; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	785	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {14C1D178-F0C1-418B-9B33-5DAC12402257}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1837173486; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	784	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5654B08C-621F-4F3D-8AE6-BA67D14FB389}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=630050372; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	783	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6E8302E5-A749-4207-B90A-C3E59D92DB2D}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{9CE2FACF-6274-4CF1-B1DD-BE0197CDE1B9}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	782	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {668D3357-F722-42FC-9466-22E96C85B3C0}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1645925079; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	781	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F9155B18-4680-441E-B1E1-A395B2A21D43}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1280457180; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	780	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:45 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C59C6220-80A2-4B94-BA5F-45F9C064F869}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=400987989; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	779	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:37 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {B354CB11-6C41-46D0-AB80-8EBC35AC5D6B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1926026486; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	778	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:27 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6E1CB820-A57F-4B14-92D4-6586B6A7F0B0}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=375846352; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	777	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {60EBBFCC-8370-4CA9-9BF2-9D9BCA5C2459}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=648487327; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	776	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:24 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9C49687D-75CB-4F6D-8580-FE4C15BDCDFF}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-f163ec38-7a7b-42af-a170-cf892803e76a"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	775	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:19 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5AAA3CD4-D33F-427E-B84C-15E44839B971}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-f163ec38-7a7b-42af-a170-cf892803e76a",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	774	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:19 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A524C5FE-4E11-40FC-B5F1-8666CC9456E3}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=117279402; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	773	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:18 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {49AD0186-9FDF-478F-A23B-1241C1A61D61}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{19C5A4A9-167C-4856-AF34-0EBA9BD880EF}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	772	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:16 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {260FDBC8-1F5F-4817-8E4F-C0C9B6C2864E}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=99616897; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	771	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:05 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C23DE5CD-0062-461E-96BB-BC200525C635}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=662841412; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	770	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:03 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {99E4634F-0039-48E8-BE98-DF60C43432BA}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1296976368; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	769	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:36:02 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {EB30D7C1-3D8F-4BA2-805E-6D5A90847AD6}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-b5ae392d-7645-456a-b551-32d98448709f"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	768	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6D7F9C8F-D993-4DE2-8A0E-4097BDD8CB2A}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-b5ae392d-7645-456a-b551-32d98448709f",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	767	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CFC75A2F-6E35-416F-B61B-F3D64F724FC4}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-c8b28bbf-64ee-43a0-8f47-642d7669eba2"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	766	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:54 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BF9C54CC-43FF-49FC-8701-55AB127B7C1B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-c8b28bbf-64ee-43a0-8f47-642d7669eba2",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	765	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:54 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {DE3B124B-8978-44EC-B25F-397CBA9097F1}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1404001532; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	764	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:43 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {14655EC9-BA87-43A8-BAD0-33345AA6838E}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-30b546bc-a6d9-488f-ad92-6eaf8ac0133c"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	763	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:43 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {32BBB608-7D90-4523-B37C-3866419216E5}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-30b546bc-a6d9-488f-ad92-6eaf8ac0133c",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	762	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:43 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {B2669460-119D-40CE-838D-794B38BADD91}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1085545312; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	761	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:40 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {0FF39709-321E-4A77-AA11-E5A5A14A69DA}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=988284852; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	760	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A4ECD82B-07AA-42EA-B0AA-604A2F9CA7AF}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=20522844; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	759	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:37 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %SystemRoot%\System32\storagewmi.dll	5857	0		0	0	0	4611686018427387904	758	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:35:35 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8264ABF6-C64A-4F31-9F80-FB3BBDC61D12}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2035338619; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	757	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6530A993-C85B-4691-AA0E-D8FF307131B5}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2052144859; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	756	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:06 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D04A4748-435B-4985-8A96-FF43C253B31B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{1B4A7272-F39B-4127-BB39-C86F0947969C}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	755	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5C600B67-04DA-4BBA-9359-9028854B3C2B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=881012493; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	754	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:35:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {2FA7E1B4-26E7-4EA2-B1ED-7CF59DA3BDAB}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=277657529; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	753	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9DB61181-6415-452C-B103-976BA153C794}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1503884111; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	752	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:55 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5AFD2222-BED5-43C0-B6AA-9EB4F66FD30C}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=383233934; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	751	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {2B93BC57-B46D-4C66-9A1A-A909ADAA36AF}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=24930520; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	750	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {35D427DD-5F7F-4809-8930-EE5EF0655B07}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1372209567; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	749	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {43142D1C-6C36-47A7-B323-8C6274170129}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1334963702; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	748	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {89CD066D-BF12-4BEB-8335-0CBC38768774}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{F8588653-0AAE-485F-9792-897A151B010C}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	747	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:45 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1D8C54E5-8DD5-4BBC-A3C8-06E7D88AF4B6}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=623005904; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	746	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:44 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4880ACDB-8AD6-4F54-93EE-2B14AAF49B1A}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{42557198-8E13-40D3-9E7D-76506EEC9710}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	745	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:36 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9133F830-AD66-4D41-BD4C-2BE2A3F05AD5}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=196655428; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	744	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:34 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {ACBAEBE5-3E6B-4296-A946-AB9E4BD61365}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-89b4377e-9e6e-48f9-82f4-3ea0ecb92c39"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	743	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BADE08C6-6426-436A-956C-7B2958347388}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-89b4377e-9e6e-48f9-82f4-3ea0ecb92c39",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	742	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9455B25C-705B-488F-AB8F-18192A2A1C35}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1006523735; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	741	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:34:00 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A87041A9-771B-4C52-B49F-A243F7D5377A}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1943095105; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	740	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:33:57 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1C7C9A98-1335-4D6E-8AF7-B7FB81536E3B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1711160231; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	739	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:33:44 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D547BAD9-AF04-4AE1-ABEC-103962E7D1F5}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=259798793; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	738	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:33:41 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll	5857	0		0	0	0	4611686018427387904	737	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:33:40 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {42FB6A97-F884-4CB1-9C60-5AF18E6D87AB}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-30b546bc-a6d9-488f-ad92-6eaf8ac0133c"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	736	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:33:18 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {DDD26C8A-9984-4634-9727-94C66D1FE266}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-30b546bc-a6d9-488f-ad92-6eaf8ac0133c",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	735	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:33:18 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C56081C9-90DE-4733-AAD6-61C03E7D0E99}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=792772720; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	734	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:33:07 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7F39331F-1CEB-46A2-965C-B34AAB954CF9}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=134259212; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	733	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:33:06 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {751E61BF-1D18-46C1-9C60-ABD58790E182}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-aeb10a98-520c-494d-80ea-7cc61a200ff8"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	732	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:32:57 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A4D98EA8-86B9-40FD-8221-92614AC7C046}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-aeb10a98-520c-494d-80ea-7cc61a200ff8",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	731	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:32:57 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1CCCE5AE-9439-430E-B649-E94F90D4E87D}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1409015690; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	730	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:32:36 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {92A4C5EE-E5DB-437E-9186-91B54F3E19C3}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-d9765be7-4d9f-4cc1-a504-306e579b20a9"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	729	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:32:35 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {3298E651-FBAB-4A8F-8041-7C339D3D9CE3}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-d9765be7-4d9f-4cc1-a504-306e579b20a9",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	728	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:32:35 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {DC10DC83-905A-404D-8794-66CE6869316C}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-6dce2d6a-f7d6-48a3-ab45-ced42e95fb2a"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	727	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:32:34 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {50A0DFF0-C800-4C3D-9D31-97B6E7CD1AEC}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-6dce2d6a-f7d6-48a3-ab45-ced42e95fb2a",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	726	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:32:34 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CA614781-C8A9-4503-94D1-72A05D39911B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-843f4994-a0d7-44a6-b614-8977f3400e5e"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	725	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:32:13 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {07D08C00-32E9-4219-8956-770BBE0C7664}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-843f4994-a0d7-44a6-b614-8977f3400e5e",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	724	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:32:13 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {490D8BEB-C880-4036-A548-E91BEAE61327}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-40b8050a-869e-401c-bec5-e2ae81488822"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	723	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:31:40 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4EDCB42A-1E7F-449A-A48F-394649899029}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-40b8050a-869e-401c-bec5-e2ae81488822",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	722	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:31:40 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %SystemRoot%\System32\storagewmi.dll	5857	0		0	0	0	4611686018427387904	721	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	3016	hv-cinder-81558	S-1-5-20	8/5/2022 10:31:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {07058FAF-4D88-46F5-A8C5-3CB4B8870C3C}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1376723846; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	720	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:30:27 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {90BFB3E9-7F75-4E16-B2AC-28F90AE0F19D}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=449491509; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	719	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:30:26 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {363920BF-AAFD-46A9-B566-34B50FA86E56}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{479458CC-DD70-48EF-BCB1-F5C75F13D6EF}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	718	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:30:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {18EB15AF-F0EE-4882-8919-E57BE9DF2BD7}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1003569148; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	717	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:29:43 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8A976FEF-F9C8-49E8-97DA-5C18B4178312}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{5AEEFB5D-1304-448B-B1BB-0B518D482180}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	716	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2800	hv-cinder-81558	S-1-5-18	8/5/2022 10:29:41 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {33B787DB-2C97-4B79-AF4A-6FB09BA42EF2}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=528239213; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	715	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4500	hv-cinder-81558	S-1-5-18	8/5/2022 10:29:24 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CBADFD02-9568-4DE3-A7B4-62CB4CB1BD1A}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=852980012; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	714	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {787F1761-EC53-435C-803F-18D4F999041E}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1393248596; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	713	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %SystemRoot%\System32\storagewmi.dll	5857	0		0	0	0	4611686018427387904	712	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	2168	hv-cinder-81558	S-1-5-20	8/5/2022 10:28:43 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {5132DF2F-F11C-473A-9041-5EE7CB03F0BA}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1908630219; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	711	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2076	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:42 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D3F4A547-0D94-4741-BB2D-A4CBCB957A7B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1193148467; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	710	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:21 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6D954D59-7586-4427-8AF9-5BFCC36A49EA}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1003934985; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	709	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:20 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9EE3678C-054C-4E7F-9D72-0328A7F0FE88}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{7EDDA637-E1E3-4F51-AA64-089CE8C49560}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	708	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:19 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {43F4C7E2-877E-4A83-BE2B-1BD9A1E2ED03}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1850099270; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	707	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:18 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {F6E10FDE-FF49-40E6-9016-011398733017}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2059642128; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	706	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:10 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {62097CEC-F15C-4C04-9FDF-B3E0545E3BA6}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1003489116; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	705	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {AC7E4B26-1DC3-4B12-84EF-65BFCFDFAFA2}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{EFCC3CD0-CB9C-418E-B488-F9F455DBEE7B}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	704	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C2EA6A14-BC9A-4BEB-BD73-CF627CA4C8BA}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{417C9B1D-61F4-43D2-BBAE-3A2F889DFE5D}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	703	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:28:07 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {0B22C41C-E24D-4445-80E8-E5D58DD3CAAE}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=655218278; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	702	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2800	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {60AB1127-C816-42A2-8B25-A69BFC219302}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1636075713; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	701	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {EFBEB755-FAA4-4304-BC00-004302E69481}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=585312990; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	700	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2800	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {DD54EDF1-608F-4094-B27C-E8515E3B63D1}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=769974387; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	699	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {8DBDD8BC-7076-476C-A82A-46A0BCAD8E1A}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-58e727a1-7ae0-4f46-9f56-79ad77a38f46"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	698	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {98C56ED1-C1BD-4519-8D14-F9FABC013D11}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-58e727a1-7ae0-4f46-9f56-79ad77a38f46",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-81558"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	697	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CB2C3EC8-0EEE-40DB-960D-E2CC682CEE83}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{337123F2-2A2A-4CF5-BAF9-A83F92B15641}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	696	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9BC493C8-41C7-421F-91C9-712D25EAF20E}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=394544094; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	695	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:34 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %SystemRoot%\System32\storagewmi.dll	5857	0		0	0	0	4611686018427387904	694	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	2168	hv-cinder-81558	S-1-5-20	8/5/2022 10:27:30 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {74F1B8A2-8E6B-4D40-BA41-04CF0957E5CC}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=649964984; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	693	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:27 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A61D961F-CC63-4A4B-9E7D-51153ED71343}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=514710083; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	692	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:23 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FC2FF77B-1C59-4F75-A4FC-F34ADD5A6F0B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1785401395; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	691	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:23 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {762553A0-0E00-4BE7-AF34-F237CAA7124D}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=163329819; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	690	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:22 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {ADBD7EC3-25A5-45CC-A08F-5967F9899437}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{43AA6665-F24D-4443-B2A0-C70F9430484C}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	689	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:22 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {62047E20-DB76-45F0-A461-1F9E5A3F036D}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{581D410B-299C-4DFA-A7A7-63C5BCA47BB5}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	688	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:21 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9F64F316-CA41-4383-AABF-C1049E8C8DA0}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=115038012; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	687	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:12 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {455DAA35-2C85-40CA-800B-C9320516048C}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1913791656; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	686	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {98F76D19-4135-4F45-ADE2-5896CD373024}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1762403284; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	685	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3244	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6D790614-8C6E-4D6E-AD22-74DFC7BCC9D1}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=736839353; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	684	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:07 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {B2746AC8-F6FD-4597-8099-C56076C3BEE8}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=91330769; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	683	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:06 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96EB6564-226A-4A48-8A9F-12C8E7B83163}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1830481942; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	682	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:05 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CF003D54-0253-4892-B623-7630342DFCBE}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1639285377; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	681	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:05 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7D5EBB4E-F871-4894-B373-312BE764AB54}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{BFB121B9-61BD-4561-AFDB-1E675A0AD730}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	680	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:05 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {E4F44EF3-A5C0-46B6-A49C-A5ADB44771C8}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{610DE59A-0E9C-4F9C-B83E-A49810FA947B}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	679	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {6FE799F6-2AF4-4BC2-9B04-156C849465A8}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=502712490; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	678	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3036	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {BF00C1B0-F6B1-4AD9-8C79-2D7ABAE087AC}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=494555724; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	677	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:27:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {1E4944A2-154E-45B7-98C0-C3143E86A8B6}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=179068746; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	676	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:52 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D5E052DE-956F-4AC5-AECF-F5F0FBE5074A}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1479313040; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	675	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:44 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C99F9B43-CC48-4DE0-8CC8-D3BEF494CD07}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1959984250; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	674	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:42 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {0AD8B280-2810-4EBC-A1C9-51BCC848779E}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{19828A27-13F9-475E-937F-A9CFBE7D8FBC}"; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	673	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:41 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {D532BAE0-3729-477D-BF24-3F52B7EDD741}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=460312550; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	672	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	612	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:39 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {CA70B19A-A24C-4643-B598-E8C41892C12B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1885118996; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	671	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {19CDF6AE-7B78-4EB9-9897-5FA53141CA30}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=681139871; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	670	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	776	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:37 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {529355A8-940A-4F2E-B576-4B512167FFF3}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2085507858; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	669	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:20 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {209203CF-9DDB-4F97-8B80-EAAF2662724E}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1896226279; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	668	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2508	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:16 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A4AB866A-EF47-40CE-B06F-01690953FE1B}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1473484013; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	667	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4572	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:15 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {B8B62FD7-DF31-4E21-A9D0-4A6A0C564325}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=565994307; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	666	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	672	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:13 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {95ADB653-5BC4-417C-BA1D-1E12683E19A3}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2079208536; ResultCode = 0x80041024; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	665	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3808	hv-cinder-81558	S-1-5-18	8/5/2022 10:26:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll	5857	0		0	0	0	4611686018427387904	664	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	4400	hv-cinder-81558	S-1-5-20	8/5/2022 10:26:06 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	663	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	4400	hv-cinder-81558	S-1-5-20	8/5/2022 10:26:06 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4432; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll	5857	0		0	0	0	4611686018427387904	662	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4432	4368	hv-cinder-81558	S-1-5-19	8/5/2022 10:26:06 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2096; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll	5857	0		0	0	0	4611686018427387904	661	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2096	4984	hv-cinder-81558	S-1-5-19	8/5/2022 10:24:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_SyntheticEthernetPortSettingData' ; UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 2436, ClientMachine = HV-CINDER-81558; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	660	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3520	hv-cinder-81558	S-1-5-18	8/5/2022 10:24:15 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_SyntheticEthernetPortSettingData' ; UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 2436, ClientMachine = HV-CINDER-81558; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	659	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3520	hv-cinder-81558	S-1-5-18	8/5/2022 10:24:15 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT EnabledState, TargetInstance FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Msvm_ComputerSystem' AND TargetInstance.EnabledState != PreviousInstance.EnabledState AND (TargetInstance.EnabledState = '2' OR TargetInstance.EnabledState = '3' OR TargetInstance.EnabledState = '32768' OR TargetInstance.EnabledState = '32769'); UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 4992, ClientMachine = HV-CINDER-81558; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	658	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3520	hv-cinder-81558	S-1-5-18	8/5/2022 10:24:13 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3264; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	657	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3264	3056	hv-cinder-81558	S-1-5-18	8/5/2022 10:24:09 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll	5857	0		0	0	0	4611686018427387904	656	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	4400	hv-cinder-81558	S-1-5-20	8/5/2022 10:23:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2820; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	655	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2820	4516	hv-cinder-81558	S-1-5-18	8/5/2022 10:23:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	654	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	4400	hv-cinder-81558	S-1-5-20	8/5/2022 10:23:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4020; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	653	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4020	4400	hv-cinder-81558	S-1-5-20	8/5/2022 10:23:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3264; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	652	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3264	3056	hv-cinder-81558	S-1-5-18	8/5/2022 10:15:33 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1076; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	651	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1076	372	hv-cinder-81558	S-1-5-20	8/5/2022 10:14:33 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1076; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll	5857	0		0	0	0	4611686018427387904	650	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1076	1168	hv-cinder-81558	S-1-5-20	8/5/2022 10:14:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1076; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	649	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1076	372	hv-cinder-81558	S-1-5-20	8/5/2022 10:14:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 744; ProviderPath = %systemroot%\system32\wbem\msiprov.dll	5857	0		0	0	0	4611686018427387904	648	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	744	1468	hv-cinder-81558	S-1-5-18	8/5/2022 9:55:11 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 744; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	647	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	744	1468	hv-cinder-81558	S-1-5-18	8/5/2022 9:54:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 744; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	646	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	744	1468	hv-cinder-81558	S-1-5-18	8/5/2022 9:54:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4008; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	645	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4008	2920	hv-cinder-81558	S-1-5-20	8/5/2022 9:54:24 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9FD21BF9-A8B0-0005-661E-D29FB0A8D801}; ClientMachine = HV-CINDER-81558; User = HV-CINDER-81558\Admin; ClientProcessId = 3224; Component = Core; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x800706BE; PossibleCause = Could not send status to client	5858	0		2	0	0	4611686018427387904	644	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	4060	hv-cinder-81558	S-1-5-18	8/5/2022 9:51:53 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9FD21BF9-A8B0-0005-661E-D29FB0A8D801}; ClientMachine = HV-CINDER-81558; User = HV-CINDER-81558\Admin; ClientProcessId = 3224; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	643	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	1264	hv-cinder-81558	S-1-5-18	8/5/2022 9:51:53 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9FD21BF9-A8B0-0005-661E-D29FB0A8D801}; ClientMachine = HV-CINDER-81558; User = HV-CINDER-81558\Admin; ClientProcessId = 3224; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceModificationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	642	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	1264	hv-cinder-81558	S-1-5-18	8/5/2022 9:51:52 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; UserName = HV-CINDER-81558\Admin; ClientProcessID = 3224, ClientMachine = HV-CINDER-81558; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	641	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	1264	hv-cinder-81558	S-1-5-18	8/5/2022 9:51:52 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceModificationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; UserName = HV-CINDER-81558\Admin; ClientProcessID = 3224, ClientMachine = HV-CINDER-81558; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	640	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	1264	hv-cinder-81558	S-1-5-18	8/5/2022 9:51:52 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2380; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	639	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2380	3128	hv-cinder-81558	S-1-5-19	8/5/2022 9:51:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2932; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	638	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2932	2968	hv-cinder-81558	S-1-5-20	8/5/2022 9:51:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSiSCSITargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 740; ProviderPath = C:\windows\system32\wbem\SmIscsiTargetProv.dll	5857	0		0	0	0	4611686018427387904	637	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	740	2388	hv-cinder-81558	S-1-5-20	8/5/2022 9:51:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3244; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll	5857	0		0	0	0	4611686018427387904	636	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3244	3236	hv-cinder-81558	S-1-5-19	8/5/2022 9:51:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 744; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	635	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	744	824	hv-cinder-81558	S-1-5-18	8/5/2022 9:51:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSiSCSITargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 740; ProviderPath = C:\windows\system32\wbem\SmIscsiTargetProv.dll	5857	0		0	0	0	4611686018427387904	634	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	740	3252	hv-cinder-81558	S-1-5-20	8/5/2022 9:51:47 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2932; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll	5857	0		0	0	0	4611686018427387904	633	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2932	2968	hv-cinder-81558	S-1-5-20	8/5/2022 9:51:34 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
wfascim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2932; ProviderPath = %systemroot%\system32\wbem\wfascim.dll	5857	0		0	0	0	4611686018427387904	632	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2932	2984	hv-cinder-81558	S-1-5-20	8/5/2022 9:51:31 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2932; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	631	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2932	2968	hv-cinder-81558	S-1-5-20	8/5/2022 9:50:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3984; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100C; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	630	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3896	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3984; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100C; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	629	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3896	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 744; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	628	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	744	824	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = HV-CINDER-81558\cloudbase-init; ClientProcessId = 2364; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT RemainingWindowsReArmCount, KeyManagementServiceListeningPort, KeyManagementServiceDnsPublishing, KeyManagementServiceLowPriority, ClientMachineId, KeyManagementServiceHostCaching, Version FROM SoftwareLicensingService; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	627	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2916	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:27 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
SppProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2932; ProviderPath = %SystemRoot%\System32\sppwmi.dll	5857	0		0	0	0	4611686018427387904	626	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2932	2968	hv-cinder-81558	S-1-5-20	8/5/2022 9:50:27 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	625	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2200	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	624	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	1968	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	623	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2200	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2932; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll	5857	0		0	0	0	4611686018427387904	622	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2932	2984	hv-cinder-81558	S-1-5-20	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	621	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2344	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	620	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2916	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	619	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2916	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	618	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2916	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	617	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2916	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	616	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2916	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	615	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2916	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2932; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll	5857	0		0	0	0	4611686018427387904	614	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2932	2984	hv-cinder-81558	S-1-5-20	8/5/2022 9:50:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	613	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	1968	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:24 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\CIMV2 : SELECT SMBIOSAssetTag FROM Win32_SystemEnclosure ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	612	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2344	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:23 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3160; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	611	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2916	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:15 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2564; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	610	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2564	3916	hv-cinder-81558	S-1-5-18	8/5/2022 9:50:11 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2932; ProviderPath = %windir%\system32\wbem\servercompprov.dll	5857	0		0	0	0	4611686018427387904	609	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2932	2968	hv-cinder-81558	S-1-5-20	8/5/2022 9:50:11 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	608	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	607	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	606	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	605	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	604	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	603	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	602	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	601	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	600	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	599	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	598	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	597	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	596	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	595	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	594	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	593	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	592	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	591	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	590	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	589	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	588	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	587	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	586	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	585	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	584	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	583	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	582	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	581	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	580	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	579	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	578	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	577	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	576	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	575	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	574	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	573	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	572	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	571	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	570	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	569	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	568	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	567	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	566	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	565	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	564	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {C5F8742C-46BB-46E4-9BFF-BC28589DB19E}; ClientMachine = HV-CINDER-81558; User = ; ClientProcessId = 588; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	563	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2932; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	562	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2932	2968	hv-cinder-81558	S-1-5-20	8/5/2022 9:49:45 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 588; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	561	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3920	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:45 AM	9fd21bf9-a8b0-0001-ab1c-d29fb0a8d801		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	560	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2884	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:45 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	559	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	3916	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:45 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2932; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	558	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2932	2972	hv-cinder-81558	S-1-5-20	8/5/2022 9:49:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2516; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	557	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2892	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-81558; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2080; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User : __Namespace.name="S_1_5_21_3241127019_3800721511_1616243037_500"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	556	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	588	2900	hv-cinder-81558	S-1-5-18	8/5/2022 9:49:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5KRAK2D1VS8; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3056; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100A; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	555	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	524	2556	WIN-5T344G8GM1H	S-1-5-18	8/5/2022 9:48:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5KRAK2D1VS8; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3056; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100A; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	554	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	524	2556	WIN-5T344G8GM1H	S-1-5-18	8/5/2022 9:48:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5KRAK2D1VS8; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2192; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	553	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	524	2392	WIN-5T344G8GM1H	S-1-5-18	8/5/2022 9:47:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5KRAK2D1VS8; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1740; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select * from Win32_OperatingSystem; ResultCode = 0x8004100A; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	552	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	524	2392	WIN-5T344G8GM1H	S-1-5-18	8/5/2022 9:47:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4848; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "RNDISMPStatisticsOID"; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	551	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	3432	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:48:09 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4848; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "C:\\windows\\System32\\drivers\\en-US\\netvsc.sys.mui[NdisMofResource]"; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	550	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	3432	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:48:09 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	549	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4460	5048	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:46:31 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	548	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4460	5048	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:46:31 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4848; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	547	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4848	4776	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:45:30 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4956; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\Defender : SELECT * FROM MSFT_MpComputerStatus; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	546	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	1176	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:42:52 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
ProtectionManagement provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = "%ProgramData%\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\ProtectionManagement.dll"	5857	0		0	0	0	4611686018427387904	545	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3752	2228	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 9:42:52 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MsNetImPlatform provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\ndisimplatcim.dll	5857	0		0	0	0	4611686018427387904	544	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2776	3064	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:42:52 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4120; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	543	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4120	4148	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:42:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	542	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2776	1292	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:42:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	541	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3752	2228	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 9:42:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	540	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2776	3064	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:42:48 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	539	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2776	3064	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:42:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	538	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2776	3064	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:42:16 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4120; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	537	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4120	4148	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:43 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	536	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2776	1292	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:39 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	535	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3752	2228	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 9:41:39 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	534	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2776	2812	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:39 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 976; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	533	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2172	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM	ad8d0f9c-9109-0001-0a10-8dad0991d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	532	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	531	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	388	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	530	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	529	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	528	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	527	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	526	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	525	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	524	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	523	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	522	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	521	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	520	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	519	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	518	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	517	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	516	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	515	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	514	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	513	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	512	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	511	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	510	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	509	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	508	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	507	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	506	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	505	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	504	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	503	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	502	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	501	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	500	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	499	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	498	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	497	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	496	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	495	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	494	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	493	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	492	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	491	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	490	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	489	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	488	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	487	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	486	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	485	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2680	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	484	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2776	2848	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:41:31 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2204; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	483	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2692	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:41:30 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3176; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	482	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3176	1548	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:40:26 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_RegisteredSubprofile; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	481	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	4728	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:38:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_SubProfileRequiresProfile; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	480	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	4728	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:38:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_RegisteredProfile; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	479	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	4728	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:38:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ReferencedProfile; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	478	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	4728	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:38:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementSoftwareIdentity; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	477	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	4728	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:38:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementConformsToProfileEx; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	476	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	4728	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:38:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementConformsToProfile; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	475	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	4728	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:38:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\cimv2\storage\ms_409 : __Namespace.Name='iscsitarget'; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	474	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	4728	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:38:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	473	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3968	4084	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:38:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2712; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	472	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2712	592	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:38:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2712; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	471	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2712	592	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:38:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	470	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4348	2924	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:35:55 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4444; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	469	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4444	4516	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 9:35:55 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	468	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4348	4632	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:35:55 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	467	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4348	4632	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:35:41 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	466	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4348	4632	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:35:41 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	465	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4824	1600	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:34:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1548; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	464	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1548	2160	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 9:34:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	463	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4824	1600	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:34:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	462	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4824	4808	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:34:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 764; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	461	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	764	1020	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:33:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	460	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4824	4808	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:32:20 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	459	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4824	4808	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:32:20 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	458	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3968	4084	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:31:16 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1520; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	457	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1520	2704	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:29:44 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1520; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	456	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1520	2704	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:29:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4693033F-66F0-46C4-8E27-99621765768B}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4124; Component = Core; Operation = Start IWbemServices::ExecMethod - root\microsoft\windows\servermanager : MSFT_ServerManagerTasks::GetServerFeature; ResultCode = 0x800706BE; PossibleCause = Could not send status to client	5858	0		2	0	0	4611686018427387904	455	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2716	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {4693033F-66F0-46C4-8E27-99621765768B}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4124; Component = Unknown; Operation = Start IWbemServices::ExecMethod - root\microsoft\windows\servermanager : MSFT_ServerManagerTasks::GetServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	454	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	432	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:32 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4608; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	453	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4608	4636	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:30 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	452	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2872	2896	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:26 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4344; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	451	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4344	4368	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 9:27:26 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	450	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2872	2900	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:25 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	449	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2872	2900	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:20 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	448	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2872	2900	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:19 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 956; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	447	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2284	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:18 AM	aff0bd57-9107-0002-9bbd-f0af0791d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	446	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:18 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	445	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2284	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:18 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	444	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	443	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	442	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	441	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	440	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	439	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	438	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	437	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	436	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	435	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	434	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	433	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	432	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	431	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	430	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	429	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	428	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	427	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	426	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	425	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	424	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	423	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	422	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	421	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	420	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	419	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	418	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	417	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	416	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	415	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	414	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	413	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2868	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	412	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	411	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	410	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	409	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	408	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	407	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	406	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	405	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2868	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	404	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	403	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	402	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	401	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	400	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	399	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	398	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	397	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	396	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	395	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	394	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	393	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	392	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	391	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	390	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	389	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	388	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	387	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	386	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	385	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	384	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	383	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	382	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	381	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	380	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	379	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	378	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	377	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	376	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	375	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	374	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	373	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	372	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	371	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	370	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	369	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	368	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	367	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	366	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	365	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	364	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	363	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	362	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	361	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	360	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	359	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	358	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	357	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	356	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	355	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	354	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	353	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2860	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	352	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2872	2900	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2336; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	351	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2864	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:27:17 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	350	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2360; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	349	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:52 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskState; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	348	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	347	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	346	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	345	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	344	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	343	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	342	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	341	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	340	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	339	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	338	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	337	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	336	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	335	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	334	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2824	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	333	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	332	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	331	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	330	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	329	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	328	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 968; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	327	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2948	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM	96ed06e7-9107-0000-3d07-ed960791d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	326	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2948	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:51 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualDiskChangedRange; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	325	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VHDSSnapshotInformation; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	324	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VHDSetInformation; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	323	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	322	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	321	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	320	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	319	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	318	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	317	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	316	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	315	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	314	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	313	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	312	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	311	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualDiskChangedRange; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	310	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VHDSSnapshotInformation; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	309	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VHDSetInformation; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	308	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	307	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	306	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	305	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	304	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	303	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	302	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	301	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	300	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	299	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	298	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	297	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	296	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	968	2820	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:26:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	295	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2840	2880	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	294	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2840	2880	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:44 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	293	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2840	2864	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:26:42 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 308; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	292	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2620	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:25:03 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 308; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	291	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	404	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:25:02 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2528; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	290	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2528	3456	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:24:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	289	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2508	4092	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:24:53 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2736; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	288	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2736	3804	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 9:24:53 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	287	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2508	4092	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:24:53 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	286	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2508	2824	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:24:53 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3200; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	285	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3200	3644	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:23:15 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	284	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	2920	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:12 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2540; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	283	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2540	3240	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 9:23:12 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	282	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	2884	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:11 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	281	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	2884	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:05 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	280	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	2884	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 956; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	279	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2916	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:23:03 AM	17f2f0cc-9107-0002-12f1-f2170791d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	278	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	956	2908	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:23:03 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	277	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	2884	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:23:02 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3808; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	276	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3808	4032	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:14:59 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	275	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2664	2720	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:14:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2972; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	274	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2972	156	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 9:14:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	273	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2664	2720	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:14:57 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	272	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2664	1584	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:14:57 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 1860; Component = Unknown; Operation = Start IWbemServices::PutInstance - root\cimv2 : Win32_ComputerSystem.Name="WIN-5T344G8GM1H"; ResultCode = 0x80041001; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	271	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1180	4136	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:11:39 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4368; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	270	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4368	4496	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:10:55 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1784; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	269	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1784	2240	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 9:05:00 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	268	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	952	452	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:04:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1152; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	267	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1152	1396	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 9:04:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	266	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	952	452	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:04:57 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	265	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	952	1000	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 9:04:57 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3176; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	264	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3176	3364	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:58:49 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	263	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4672	4700	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:57:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	262	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4672	4700	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:57:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 88; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	261	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1180	1284	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:56:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	260	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4672	4700	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:56:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1180; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	259	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1180	4340	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:56:46 AM	289cfce6-9103-0003-f9fd-9c280391d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	258	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1180	4340	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:56:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	257	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3968	4008	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:55:06 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	256	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3968	4008	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:55:05 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	255	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3688	3696	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:55:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	254	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3968	4020	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4024; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	253	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4024	4052	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 8:54:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	252	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3968	4008	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	251	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3968	3996	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3880; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	250	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3880	3916	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:54:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {7C5C4FFB-9102-0000-4A51-5C7C0291D301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 1192; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	249	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1192	3004	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:54:34 AM	7c5c4ffb-9102-0000-4a51-5c7c0291d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1200; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	248	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1200	2840	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:54:03 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 1192, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	247	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1192	2792	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:52:27 AM	7c5c4ffb-9102-0001-8851-5c7c0291d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1192; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll	5857	0		0	0	0	4611686018427387904	246	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1192	2792	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:52:27 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1192; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	245	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1192	2796	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:51:57 AM	7c5c4ffb-9102-0001-5f51-5c7c0291d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	244	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1192	2796	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:51:57 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	243	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3832	3932	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:51:38 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	242	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3832	3872	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:51:37 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 428; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	241	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	428	1316	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:51:13 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	240	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3832	3872	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:51:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3888; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	239	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3888	3916	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 8:51:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	238	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3832	3872	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:51:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	237	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3832	3860	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:51:04 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4796; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	236	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4796	840	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:45:55 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2284; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	235	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2284	2676	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:44:15 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	234	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2548	2728	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:44:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2300; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	233	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2300	4360	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 8:44:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	232	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2548	2728	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:44:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	231	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2548	3736	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:44:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1052; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	230	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1052	4868	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:36:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3184; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	229	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3184	404	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:34:15 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll	5857	0		0	0	0	4611686018427387904	228	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	4616	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:34:14 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4600; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\WMI : SELECT * FROM BatteryStaticData; ResultCode = 0x80041010; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	227	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	4904	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:34:14 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4600; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\WMI : SELECT * FROM BatteryFullChargedCapacity; ResultCode = 0x80041010; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	226	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	4904	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:34:13 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerWmiProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SYSTEMROOT%\system32\PowerWmiProvider.dll	5857	0		0	0	0	4611686018427387904	225	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	1368	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:34:13 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\System32\storagewmi.dll	5857	0		0	0	0	4611686018427387904	224	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	1368	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:34:11 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	223	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	1368	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:34:11 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	222	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	1368	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:34:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2920; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	221	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2920	4532	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 8:34:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	220	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	1368	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:34:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	219	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	1532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:34:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {9A81CB05-910F-0003-8ACC-819A0F91D301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 964; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	218	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	4228	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:33:15 AM	9a81cb05-910f-0003-8acc-819a0f91d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	217	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	1824	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:33:01 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	216	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	5076	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:33:01 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll	5857	0		0	0	0	4611686018427387904	215	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	1532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:33:01 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	214	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	5076	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:33:01 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	213	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	5076	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:33:01 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	212	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	1824	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:33:01 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	211	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	5076	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:33:01 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll	5857	0		0	0	0	4611686018427387904	210	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	1532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:33:01 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\CIMV2 : SELECT SMBIOSAssetTag FROM Win32_SystemEnclosure ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	209	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	5076	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:32:59 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	208	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	1532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:32:59 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	207	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	2868	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:32:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1912; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	206	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1912	3084	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:32:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %windir%\system32\wbem\servercompprov.dll	5857	0		0	0	0	4611686018427387904	205	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1164	1532	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:32:58 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 996; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	204	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	996	456	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:29:00 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 996; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	203	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	996	456	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:29:00 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4324; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	202	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4324	3568	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:27:56 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 964, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	201	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	3260	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:26:55 AM	9a81cb05-910f-0000-a4cc-819a0f91d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 964; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll	5857	0		0	0	0	4611686018427387904	200	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	3260	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:26:55 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	199	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3772	3768	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:26:50 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	198	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3772	3768	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:25:57 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 964; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	197	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	4648	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:25:52 AM	9a81cb05-910f-0003-4bcc-819a0f91d301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	196	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	964	4648	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:25:52 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	195	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3772	3768	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:24:46 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4124; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	194	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4124	4152	WIN-5T344G8GM1H	S-1-5-18	1/19/2018 8:24:15 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	193	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3772	3820	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:24:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3084; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	192	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3084	3436	WIN-5T344G8GM1H	S-1-5-19	1/19/2018 8:24:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	191	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3772	3800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:24:08 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	190	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3772	3800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:24:03 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	189	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3772	3800	WIN-5T344G8GM1H	S-1-5-20	1/19/2018 8:24:03 AM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3868; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	188	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3868	3176	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:37:16 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	187	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2504	2192	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:37:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2788; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	186	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2788	2624	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 6:37:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	185	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2504	2192	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:37:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	184	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2504	2440	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:37:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4024; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	183	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4024	3868	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:27:16 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	182	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1288	3280	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:27:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1500; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	181	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1500	2664	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 6:27:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	180	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1288	3280	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:27:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	179	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1288	4056	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:27:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 652; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	178	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	652	1972	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:17:16 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	177	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4032	3152	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:17:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	176	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3688	3124	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 6:17:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	175	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4032	1184	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:17:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	174	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4032	1160	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:17:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1088; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	173	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1088	4088	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:10:25 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	172	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2784	1752	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:08:29 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1176; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	171	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	3928	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:08:20 PM	b65c0852-8ef4-0003-8709-5cb6f48ed301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	170	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	3928	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:08:20 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	169	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2784	1752	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:07:37 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	168	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2784	1752	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:07:36 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	167	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2784	4072	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:07:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4076; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	166	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4076	1920	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 6:07:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	165	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2784	4060	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:07:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	164	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2784	2824	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:07:14 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	163	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	2580	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:34 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	162	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	2580	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:34 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	161	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	2640	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:34 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll	5857	0		0	0	0	4611686018427387904	160	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2784	2824	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:34 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	159	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	2640	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:33 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	158	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	2580	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:33 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	157	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	2580	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:33 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	156	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	2580	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:33 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	155	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	2580	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:33 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll	5857	0		0	0	0	4611686018427387904	154	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2784	2824	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:33 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	153	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	2640	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:33 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	152	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2784	2824	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:32 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	151	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1176	2640	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:32 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2832; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	150	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2832	2860	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 6:06:27 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %windir%\system32\wbem\servercompprov.dll	5857	0		0	0	0	4611686018427387904	149	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2784	2812	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:06:27 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4892; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	148	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4892	836	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 6:02:36 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4256; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	147	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4256	4144	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:53:30 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	146	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4976	3800	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:53:24 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5092; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	145	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	5092	2628	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 5:53:24 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	144	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4976	3800	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:53:23 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	143	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4976	5116	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:53:23 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {53B2B737-8EF1-0000-6DB9-B253F18ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 1152; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	142	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1152	4780	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:50:11 PM	53b2b737-8ef1-0000-6db9-b253f18ed301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	141	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3688	2160	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:46:15 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 1152, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	140	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1152	4676	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:44:23 PM	53b2b737-8ef1-0003-feb9-b253f18ed301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1152; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll	5857	0		0	0	0	4611686018427387904	139	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1152	4676	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:44:23 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 400; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	138	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1152	2600	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:44:12 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4212; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	137	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4212	4236	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:43:31 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	136	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	2796	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:43:29 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	135	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	3216	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:43:23 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3208; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	134	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3208	3308	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 5:43:23 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	133	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	324	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:43:23 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	132	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	324	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:43:17 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	131	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	976	324	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:43:17 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1152; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	130	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1152	2720	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:42:38 PM	53b2b737-8ef1-0001-8eb7-b253f18ed301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	129	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1152	2720	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:42:38 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A4626349-8EA8-0003-B36D-62A4A88ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	128	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	3696	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:37:24 PM	a4626349-8ea8-0003-b36d-62a4a88ed301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	127	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	164	3628	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:35:48 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WmiPerfInst provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3868; ProviderPath = C:\Windows\System32\wbem\WmiPerfInst.dll	5857	0		0	0	0	4611686018427387904	126	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3868	1388	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 5:35:07 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4924; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	125	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4924	428	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:35:04 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WmiPerfClass provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4924; ProviderPath = C:\Windows\System32\wbem\WmiPerfClass.dll	5857	0		0	0	0	4611686018427387904	124	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	4924	5928	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:35:03 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 924, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	123	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2052	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:34:06 PM	a4626349-8ea8-0002-ed6e-62a4a88ed301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 924; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll	5857	0		0	0	0	4611686018427387904	122	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2052	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:34:06 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5028; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	121	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	5028	5328	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:32:53 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	120	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	5804	5824	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:32:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3816; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	119	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3816	1224	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 5:32:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	118	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	5804	5824	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:32:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	117	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	5804	912	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:32:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3180; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	116	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3180	804	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:22:47 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	115	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3772	5300	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:22:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 888; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	114	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	888	5288	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 5:22:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	113	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3772	5300	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:22:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	112	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3772	3704	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:22:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5964; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	111	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	5964	3468	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:12:54 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {A4626349-8EA8-0000-8A6D-62A4A88ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	110	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	1992	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:12:41 PM	a4626349-8ea8-0000-8a6d-62a4a88ed301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	109	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1260	1960	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:12:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2736; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	108	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2736	2320	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 5:12:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	107	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1260	1960	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:12:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	106	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	1260	1936	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:12:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 924, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary	5860	0		0	0	0	4611686018427387904	105	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	3016	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:06:17 PM	a4626349-8ea8-0003-146c-62a4a88ed301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 924; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll	5857	0		0	0	0	4611686018427387904	104	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	3016	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:06:17 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3428; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	103	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3428	5844	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:06:06 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3428; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	102	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3428	5844	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:06:06 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	101	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2768	1104	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:05:59 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	100	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	3704	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:04:01 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 924; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent	5859	0		0	0	0	4611686018427387904	99	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	3356	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:03:48 PM	a4626349-8ea8-0003-c36b-62a4a88ed301		microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage = "WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager"; };	5861	0		0	0	0	4611686018427387904	98	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	1768	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:03:48 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll	5857	0		0	0	0	4611686018427387904	97	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	3704	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:51 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll	5857	0		0	0	0	4611686018427387904	96	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	812	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:39 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5960; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll	5857	0		0	0	0	4611686018427387904	95	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	5960	5988	WIN-5T344G8GM1H	S-1-5-19	1/16/2018 5:02:39 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll	5857	0		0	0	0	4611686018427387904	94	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	3084	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:39 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2972; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	93	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2352	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:13 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	92	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{F9C77450-3A41-477E-9310-9ACD617BD9E3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	91	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	90	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	89	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	88	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	87	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	86	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	85	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	84	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	83	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	82	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	81	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	80	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	79	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	78	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	77	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	76	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	75	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	74	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	73	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	72	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	71	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	70	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	69	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{5794DAFD-BE60-433f-88A2-1A31939AC01F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	68	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	67	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	66	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	65	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	64	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	63	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	62	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{25537BA6-77A8-11D2-9B6C-0000F8080861}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	61	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	60	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	59	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	58	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	57	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2512	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	56	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2768	1124	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll	5857	0		0	0	0	4611686018427387904	55	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2768	1124	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:11 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	54	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	53	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	52	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	51	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	50	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	49	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	48	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	47	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	46	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	45	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	44	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	43	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	42	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	41	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	40	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	39	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	38	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	37	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	36	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	35	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	34	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	33	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	32	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	31	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	30	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	29	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	28	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	27	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	26	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	25	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	24	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	23	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	22	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	21	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	20	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	19	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	18	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	17	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	16	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	15	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	14	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	13	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	12	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	11	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	10	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	9	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}"; ResultCode = 0x80041002; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	8	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2528	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3440; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll	5857	0		0	0	0	4611686018427387904	7	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	3440	3468	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %windir%\system32\wbem\servercompprov.dll	5857	0		0	0	0	4611686018427387904	6	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	3084	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2972; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	5	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	924	2484	WIN-5T344G8GM1H	S-1-5-18	1/16/2018 5:02:09 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll	5857	0		0	0	0	4611686018427387904	4	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	3084	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:06 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll	5857	0		0	0	0	4611686018427387904	3	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	2856	2436	WIN-5T344G8GM1H	S-1-5-20	1/16/2018 5:02:05 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-PD8DQPRRTAO; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2508; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100A; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	2	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	916	2392	WIN-PD8DQPRRTAO	S-1-5-18	1/16/2018 5:01:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-PD8DQPRRTAO; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2508; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100A; PossibleCause = Unknown	5858	0		2	0	0	4611686018427387904	1	Microsoft-Windows-WMI-Activity	1418ef04-b0b4-4623-bf7e-d74ab47bbdaa	Microsoft-Windows-WMI-Activity/Operational	916	2392	WIN-PD8DQPRRTAO	S-1-5-18	1/16/2018 5:01:40 PM			microsoft-windows-wmi-activity/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Error	Info		System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]