| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3096; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 848 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3096 | 2808 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:29:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 847 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 5000 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:29:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {79C2BA8E-CD0F-4DF4-AB39-62976808B309}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1982112561; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 846 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:29:15 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {71B7B37C-049D-48D5-BA55-6FEFB4044806}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-fc65e48b-3678-4fd2-8b71-145534182b8e"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 845 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:29:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {015FC20E-436E-4FAF-9025-A38044049A98}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-fc65e48b-3678-4fd2-8b71-145534182b8e",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 844 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:29:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7D4F4831-3ABF-4A56-A9C5-FECA4BE45CD9}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{AC555F20-C87C-41C5-AE45-DEB826CDEDC7}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 843 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:29:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {CB44595F-B4ED-4BDB-A1A0-4D765266E837}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=933422804; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 842 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:29:08 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {CA65EDEF-52B8-4F28-BDD9-4A271C8FFCB9}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-751a2af0-eba8-494e-8c73-7c6988bf0761"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 841 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:29:07 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7FEACEC2-49E8-47E0-B748-D5CFA2664843}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-751a2af0-eba8-494e-8c73-7c6988bf0761",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 840 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:29:07 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1652; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 839 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1652 | 1348 | hv-cinder-83452 | S-1-5-19 | 3/21/2022 7:29:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 838 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 5000 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:29:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A3343D75-1AC1-411D-A851-B38D220DEF9B}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5080; Component = Unknown; Operation = Start IWbemServices::GetObject - root\virtualization\v2 : \\.\ROOT\virtualization\v2:Msvm_VirtualSystemSettingData.InstanceID="Microsoft:92272EFA-19AE-4346-B82A-2A492F6FC155"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 837 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3928 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:29:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {57BBB88B-D2D7-40F8-AA3D-F03413C275D5}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1404031022; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 836 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3928 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:28:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {03D2A352-1BA5-4D08-889E-E53ACCCEB6D2}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-709743a9-cb0c-4649-9a5e-5ffa2d044edd"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 835 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:28:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D7700942-B5CA-4047-B781-3889AA7E0F43}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-709743a9-cb0c-4649-9a5e-5ffa2d044edd",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 834 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3928 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:28:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00761E76-0027-4540-8950-84DB87DE3E22}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5080; Component = Unknown; Operation = Start IWbemServices::GetObject - root\virtualization\v2 : \\.\ROOT\virtualization\v2:Msvm_VirtualSystemSettingData.InstanceID="Microsoft:2984BBC3-8221-409B-84AE-F242CB62EBA3"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 833 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:27:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 832 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 5000 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:27:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1967E3AD-E674-4763-A7C8-444BBC32FF25}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1620948084; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 831 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:27:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4848; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 830 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4848 | 4804 | hv-cinder-83452 | S-1-5-19 | 3/21/2022 7:27:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F014E6E6-D625-4722-8B03-1AAD12F5849F}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-709743a9-cb0c-4649-9a5e-5ffa2d044edd"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 829 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1212 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:26:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {04993DCA-33B8-4842-BF95-E24F8E8D6DC6}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-709743a9-cb0c-4649-9a5e-5ffa2d044edd",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 828 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:26:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4848; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 827 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4848 | 4804 | hv-cinder-83452 | S-1-5-19 | 3/21/2022 7:26:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1EE75585-FCBF-4826-8FDD-A558E86A78FF}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-fc65e48b-3678-4fd2-8b71-145534182b8e"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 826 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:25:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {42935C44-92A7-4B62-BB32-DC5A3B20CFD2}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-fc65e48b-3678-4fd2-8b71-145534182b8e",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 825 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:25:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4848; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 824 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4848 | 4804 | hv-cinder-83452 | S-1-5-19 | 3/21/2022 7:25:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 823 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 5000 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:25:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {78737BA9-DE30-4CCE-B8BB-FDF62E2FBA79}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5080; Component = Unknown; Operation = Start IWbemServices::GetObject - root\virtualization\v2 : \\.\ROOT\virtualization\v2:Msvm_VirtualSystemSettingData.InstanceID="Microsoft:FB158DB7-F9B8-461D-A3F4-2FFAC5770DC8"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 822 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:25:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {8D3C0EDF-65D6-488C-AFC5-A2A92001F8B1}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=821088022; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 821 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:23:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {36275E6C-D143-43DC-91F2-3FABFEBFF475}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{745AF8F6-F4D9-4CE0-995A-788D79D48080}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 820 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:23:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {80EC1DEA-5A9D-410C-849F-BC2B0FAE11CA}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{29ADE238-8868-4F11-AA13-F9116836DF67}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 819 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:23:26 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {737BFC1B-A37D-4170-9677-C6EA89FD6C00}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{4099D396-B7F4-4B99-A36F-8C52212D1485}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 818 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:23:25 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F1215421-E500-4DCB-90C2-461686F715FB}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1931162761; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 817 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:23:10 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {41DF6EE6-3A77-4CD7-AEA6-553C4F1E669F}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{5B394745-E2B2-4823-AD13-B13A1541F5E1}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 816 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:23:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 815 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 5000 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:23:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4176E946-5816-4ABD-AD0B-48B9A390AC6F}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=338741662; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 814 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:54 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {909DEDC7-A120-48A1-902C-54BBCCD0EE76}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1993360826; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 813 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D49ED9C6-9AD1-4FD6-8BE1-B5ED4BC5920C}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1929395507; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 812 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {541A34EB-FA25-4530-B67E-5113821C0F11}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1583911798; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 811 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:22 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {70A1A418-D59D-4138-BE8B-16D25EE2AD7D}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1903098738; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 810 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:21 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F3D466D6-61EA-4BBE-AD17-FF5B47B30B1C}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=999766453; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 809 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B231D304-6FD3-4D95-884E-E510D893E7D9}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=5242919; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 808 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:10 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0FB6A1A2-F79B-475D-AFE1-713F7FDDEA61}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=495881888; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 807 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C777B9DA-0E86-41CF-9D30-035AD2A2A797}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=932779368; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 806 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:08 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A0C007B6-3E79-4384-83E7-BD3FD629B2B4}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=195022523; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 805 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1924 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:07 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B37E8E0F-6CB1-4355-A4D9-05D550686921}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{DA96D604-07F0-409C-855A-E84AA6C8479A}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 804 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:22:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E7D46A7D-D644-4349-9629-BBD70FC70507}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=523309361; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 803 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:57 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {05126C0C-2FD7-4E83-957C-2B096862B8C6}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{02EFF00B-4799-454A-839E-1F846559A06A}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 802 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:56 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {43C30AD5-4D50-4954-A423-64041E68D790}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1156244757; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 801 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {92F3FCC9-2F8A-40CF-ACE3-61075ABFDF0F}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1999703925; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 800 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {94F6593A-59B2-4FF0-8FF0-99643A13090C}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=121320242; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 799 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {48ED64FA-47CA-430C-87C8-BB728BFB7F4E}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=228228743; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 798 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {8D0CAD52-8282-4959-84D1-CC8FFB44F07B}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1265783979; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 797 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4A3E066C-E3C1-409D-B56D-E828CD838270}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5080; Component = Unknown; Operation = Start IWbemServices::GetObject - root\virtualization\v2 : \\.\ROOT\virtualization\v2:Msvm_VirtualSystemSettingData.InstanceID="Microsoft:D7AA44C0-D849-4EDA-B507-4FF87F0F2BBD"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 796 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:45 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {DCD1D943-FC89-436B-A649-B3360529F142}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{ECBF0FEA-6BA0-4FBA-A20D-92E6EE48588F}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 795 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0D3411A1-B7E1-4AE3-B540-210DB68B573F}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1404287795; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 794 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0F831AB8-3173-459B-9668-D3B26D962FF2}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1385794418; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 793 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E261EF17-CF56-40A9-A89F-5CE8F2BEE2D3}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1450495181; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 792 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1F413033-1999-4A58-8C7E-D392BE02BE8B}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2127525745; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 791 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F0B19411-8943-467C-A4C2-D349624222B7}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=914571729; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 790 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1924 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7203CDCE-F37E-41D8-B6B8-816FBDFA9090}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=796092183; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 789 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4880C375-0BC8-4B46-88D4-2E5971D5EDE4}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5080; Component = Unknown; Operation = Start IWbemServices::GetObject - root\virtualization\v2 : \\.\ROOT\virtualization\v2:Msvm_VirtualSystemSettingData.InstanceID="Microsoft:5FD49DF1-DDEC-44DE-B432-1885D9DD8BF5"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 788 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {3DA79302-A4C1-43AA-A439-9ED584FE0D8D}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-5684e6b0-feb7-4a6a-9395-602a002c8d07"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 787 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {EB7E08AF-9E2E-423C-840A-44006F65D06D}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-5684e6b0-feb7-4a6a-9395-602a002c8d07",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 786 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {CECE3A89-044D-4BFF-9664-CA16EFF90D39}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=469394264; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 785 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {6475BA41-9344-4E67-BCCC-7D88EE752EA2}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-32ae4191-4d1f-4d48-8a6f-7c4beab08394"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 784 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D0294972-263B-4DB2-BB99-B28881016317}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-32ae4191-4d1f-4d48-8a6f-7c4beab08394",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 783 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {DCF09253-EC42-45AF-949B-BEDE351C639C}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1337500075; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 782 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1924 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:20 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {399EFC7F-28F6-40A7-A4F0-8F6CAFB779DA}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=503287092; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 781 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1924 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:18 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {570E7CC2-1FD3-4700-A167-892DABF5333B}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2065484643; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 780 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:15 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {8774A437-0B17-4FF3-A33A-1420DDD96BA9}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=184326095; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 779 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1924 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7446C483-0D54-4B3B-ACBD-845DB0BC3B5A}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2102280799; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 778 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1924 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D6F83A3F-2B80-4395-A217-5D9633BFB764}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=409510500; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 777 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1670F83E-46EE-446D-ACDE-825F96E919C6}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-397d350a-bd82-412d-9e0a-ede107101446"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 776 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:08 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FDA54B87-945F-4866-B6AA-23F8285396B7}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-397d350a-bd82-412d-9e0a-ede107101446",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 775 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:21:08 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 774 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 5000 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:21:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FF78B308-F244-4D60-B532-C2EA6D3674AA}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1957327211; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 773 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:20:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9CE0F864-1A75-4494-852D-5DA7F061DDB5}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{0F87F039-C03B-4492-8DEE-A2B55DD8A98F}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 772 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:20:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {DDA3DABD-8A6A-4E05-A448-78F24243DFB7}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{5983BE70-D9A5-4050-982D-BD7ABBE83215}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 771 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:20:44 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {035B20DD-37F7-409E-A126-E51B3699BAB3}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{69BCEDEE-2ED6-4EB2-8BFC-D4A111ED9E41}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 770 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:20:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {ABF3D4C8-039A-4A2F-8FE5-2056B9B46CB0}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{2663B5E8-F1CD-446A-A881-D132F4B2DEC1}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 769 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:20:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D12356DB-B27C-43FF-A99C-5E1A166A0C91}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{89D176B4-7BC0-447E-BDF4-3C087E7297F0}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 768 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:20:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4466BFB7-82A1-4CC9-AFDB-2D9D19A4877F}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5080; Component = Unknown; Operation = Start IWbemServices::GetObject - root\virtualization\v2 : \\.\ROOT\virtualization\v2:Msvm_VirtualSystemSettingData.InstanceID="Microsoft:20197E73-4D33-4D6B-BA40-36DE256FBB2A"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 767 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:20:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1D0AD38D-EEB2-4A0D-9EC7-E67580990D97}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2130478317; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 766 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:57 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {55AEA83D-0C64-4341-8D1B-44D87C83036B}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-4e169224-e335-4ae6-a7ea-2b678a0eae43"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 765 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3644 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:57 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {8C162D9C-BB9D-4F7C-9FAB-8D4B42CCD295}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-4e169224-e335-4ae6-a7ea-2b678a0eae43",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 764 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:56 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {15487E70-6EA2-45EA-90E6-FD8DDB4826CE}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1636169743; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 763 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:55 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A9884D29-A39B-48D5-8154-DA01A6CFA69B}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=328836407; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 762 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:54 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E6DA73CF-5280-4622-A745-D82296F4D584}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-cd2ea1d9-09b1-4f5e-8516-ffd40d4e7ebd"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 761 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {AA8ADFB3-6A29-4684-BF0C-21FFE97367BE}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-cd2ea1d9-09b1-4f5e-8516-ffd40d4e7ebd",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 760 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5CD022BF-0993-4B87-9DBC-7B50B784FB2E}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-0fab7d31-4bd8-44e0-8ee3-bdb63febbc1d"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 759 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3644 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {081B8015-1906-4C90-AAAF-359258323180}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-0fab7d31-4bd8-44e0-8ee3-bdb63febbc1d",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 758 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3644 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {AEB2FE22-276C-49BE-A867-07041ED26A34}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=572756318; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 757 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1212 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:25 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D4787616-86FF-44EC-A140-DCAD787F7599}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1498642247; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 756 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:24 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {AB6F9278-0DC8-488F-912A-73989789900F}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=153312942; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 755 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4732 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {97AB3D15-166C-40B9-8C6B-AD8EA6C3051D}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{7EC312D1-330A-47AA-B4A5-4777E41B7798}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 754 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:22 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7EB23CDB-405A-4342-A7BF-8E48F1E0907B}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1069757526; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 753 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4732 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:21 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FBCB50C7-294E-4FF8-8BA1-F5CEEE89B3B0}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{65CAE26B-DFD7-4216-AA6C-090545805DF4}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 752 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4732 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:19 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9E24657B-4230-4258-A671-94C34DEF4A6E}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=366980072; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 751 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:18 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B4E244A7-81A5-4795-AFE0-8581CAC5B457}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=189103381; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 750 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {01F0A83F-DA65-4ACC-985B-14B2A101B3A4}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=276476263; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 749 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:10 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5137D031-34C8-440E-9EF0-E7A3F24AD557}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=86859393; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 748 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 747 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 5000 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:19:05 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D3C83E6B-5A3B-4B8F-9D94-33EA68FA823D}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-db8c349d-efa3-4ce6-95ed-4b7d8196fcf4"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 746 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {810A6B2F-1C59-41B1-860B-5253C1E05628}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-db8c349d-efa3-4ce6-95ed-4b7d8196fcf4",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 745 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:19:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {34631B12-849D-4060-8396-93D9FB509F37}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-3302ede3-eb56-45fc-a3db-a3df5373072e"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 744 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D4141BE8-39A1-4CB8-9E12-21782ADEE52C}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-3302ede3-eb56-45fc-a3db-a3df5373072e",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 743 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1924 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {40EE5662-43C7-4968-9105-20E9D083B1A4}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{3B1CEC31-5336-4118-8707-C1247225F309}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 742 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:57 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C0ED3CBF-7414-48AE-9D8C-D113875DE4A3}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-021b2097-ff4f-4dc0-ba11-aaff701cd2ac"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 741 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:56 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {004965AF-605B-4E60-BFCC-B01FFAE352E1}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-021b2097-ff4f-4dc0-ba11-aaff701cd2ac",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 740 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:56 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F3F41ED4-6EB5-4945-96D1-F6FB81D11438}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{0953A0D6-3D7E-4E69-B9F6-AE489504AB44}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 739 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:56 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A07DADE1-0D8C-43FA-B754-301D8D351D9C}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{6D4AB52D-42B5-4263-9F93-734A449E0140}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 738 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:55 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {BF2B39F0-7C9B-48EA-9D0B-24B4777D10AB}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{1DE34F76-3AB3-4A2A-BD11-19FECF38F16A}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 737 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:24 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1F2E9D04-2BF7-48F8-A9EC-0D018DFEA6A0}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5080; Component = Unknown; Operation = Start IWbemServices::GetObject - root\virtualization\v2 : \\.\ROOT\virtualization\v2:Msvm_VirtualSystemSettingData.InstanceID="Microsoft:70A860EE-29FE-4A9B-B969-56461430161A"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 736 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3192 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:18 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {CDE9572A-7453-45F7-BE71-E298AB6FD2A8}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-029e5c58-4742-418d-872f-b9b9ff006f3f"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 735 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:15 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {95AA17EA-D856-437B-AA9E-895FCCCCA813}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-029e5c58-4742-418d-872f-b9b9ff006f3f",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 734 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:15 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D61FDC6F-9FC1-468A-B6D2-4341E09B6988}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-abfa3d07-ad76-4fbf-8a08-340ef04b0177"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 733 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F8D181B9-9F68-4B54-AAF7-04724E3B240A}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-abfa3d07-ad76-4fbf-8a08-340ef04b0177",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 732 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FAA53E19-2EC4-4AE9-A3D3-2A7700308446}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{AD75073A-B0CB-4B7F-A19F-F6380ED3D114}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 731 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5B3B27DF-6A53-4BB2-B607-0AC8CA934096}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{6032EB0F-436D-42FB-8515-8D811A4C59FC}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 730 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:05 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A2503BA0-D2BC-4417-9CB7-9F9953D6DB2E}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{D6934D66-37C6-4840-8567-1EB5AAAF2051}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 729 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:18:03 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 728 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 5000 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:17:19 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {EEB9C1A8-6918-48CB-B6B4-E61281383133}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2002036484; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 727 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3720 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5FEF4747-2E3B-44F9-AD86-B9EE20E1B7BB}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=545521882; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 726 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3720 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C452C672-9C01-4C14-B5A5-C35F10792778}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=553446412; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 725 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4732 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {EF329932-6B59-4DE1-80CC-052C6167542C}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{DC0465D5-65F4-4120-ABB7-395B17532ABF}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 724 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {402CDE1B-4570-4E96-8C7A-8E8800B4E0DD}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1587504620; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 723 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3720 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {123B2E5D-1DC4-4B21-818D-3290EF326B9B}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1917255699; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 722 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4624 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:44 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F7127B41-B438-4F5D-8AA3-FB72D8D13B69}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{F32C2F42-9E19-45C6-B578-E6E8E920E39A}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 721 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B8DDE007-C431-4AE2-8558-161B39E299F1}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=243149452; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 720 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4624 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7D3F83BA-E607-43B7-862C-1CF0295213A2}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1269075353; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 719 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4624 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {38015CA6-6A81-46F0-8E56-8FAF0C9BEC96}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1830404873; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 718 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {195A91FC-5E09-40CE-9EE9-4BEC807DACD2}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2147013183; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 717 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3928 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7D4A44CC-56E9-4E88-B2B1-67063251D7B5}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{8C222120-C6E7-4701-AA4D-BC666FA215C9}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 716 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4732 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1C6F7EC7-A5F5-4E09-8933-29D139159A12}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1171457797; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 715 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4624 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {65B873DB-5723-4D1D-8CE9-FCF80CAF0E19}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1683552505; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 714 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3680 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {3DE6C8E3-6B63-4FC9-8A55-E0B7A6CACCE0}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{5D07E97A-E289-4D1F-A138-61472E116336}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 713 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5E531F58-3876-4962-881B-6C092536B833}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{72BD070F-72CC-453B-9C69-E21B8D5ECAB3}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 712 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3680 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {17E67752-6463-4AED-BE10-645152CE7E91}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=291363948; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 711 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3680 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {150DABAB-C897-47C1-8DE8-9092EAAF7897}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=770194061; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 710 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:24 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0536A721-076A-435E-B3BB-6CE44ACCE32E}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{795AC84D-0DAF-4BFE-B2A1-E855725DA911}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 709 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {BF0303F8-4FB0-4B20-AEB6-830C676273A0}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{DABA830E-FA9B-47BB-8B23-E614DD9DD710}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 708 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:22 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {0C3B1C00-D2DB-4439-BF6A-693F9C5B1D36}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=799796976; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 707 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:07 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {447C4BA7-CF4A-46F7-B2B9-AD19D98C95CE}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1058219146; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 706 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3928 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:07 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {91D1430A-1D5F-4DF7-8B39-1277B3209277}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1313228954; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 705 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3928 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:04 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {3EBB79C6-ECC4-4CB8-8B0B-5DC5C2782372}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=350475762; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 704 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3928 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:04 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {60D6A78A-EDAB-46D1-8AAB-C49F227A5796}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1005421371; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 703 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3928 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:16:01 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4B6E9FAD-44E0-4B86-B004-6FD6373C698F}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1293782962; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 702 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00BA2F35-5ABA-4124-BE2C-C8E65D5FF52E}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=42785041; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 701 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:56 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5DB3A559-84CA-4503-998A-55AFE6070D43}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=340874883; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 700 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:56 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {554F138A-A6F3-49B1-A616-ECC4B4DCA218}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1022145855; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 699 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {31D01A62-ECCD-4CA9-AC06-F54ABB3737CD}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1985556525; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 698 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:51 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A7A1F543-1215-48E4-8DE8-9EEBA888F442}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=223767044; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 697 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:49 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {15DE28D3-040C-4902-89BA-35D4F986AC01}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=788053406; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 696 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:46 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B7E1BCD3-CA49-430B-996B-15E1A76EA171}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=825824187; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 695 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:45 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {98DB223A-23BD-4062-B8A0-1CC15CE805B3}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1314560968; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 694 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1068 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {D967CE18-4C52-4525-985E-AC37B1FEF3DA}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1477078763; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 693 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3720 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9B609460-3FC3-46E3-94A1-693E312339EA}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1368797002; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 692 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:41 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4DB73D85-0154-45CE-856E-50BC3EED2C18}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=468805697; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 691 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3720 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {F6938078-BACD-496E-877F-469BD3BCB16E}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Host.HostName="iqn.2010-10.org.openstack:volume-aefb8518-6fdc-4f45-b9e9-92946f517c1e"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 690 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3720 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {95FED3EF-0A00-419A-9989-08C6FCBE70A9}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_IDMethod.HostName="iqn.2010-10.org.openstack:volume-aefb8518-6fdc-4f45-b9e9-92946f517c1e",Method=4,Value="iqn.1991-05.com.microsoft:hv-cinder-83452"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 689 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {E1AD8013-5B92-44BD-B0D7-30B90A242F88}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5080; Component = Unknown; Operation = Start IWbemServices::GetObject - root\virtualization\v2 : \\.\ROOT\virtualization\v2:Msvm_VirtualSystemSettingData.InstanceID="Microsoft:012B1395-B276-46F3-9154-405CB771EEC5"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 688 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {BF07178B-F47C-43F9-A83D-59A2F6EB3ABC}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=632602817; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 687 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5559BE28-B981-4FB8-9DB2-8589C4A85305}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1299671830; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 686 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {91EA76CD-0657-42DE-8DB1-A76EFFC67B23}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=437375775; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 685 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {031E90F1-32E0-4777-95A5-01EB8A545929}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=220447900; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 684 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B270F949-848B-47E2-B472-40AB031D99A3}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{7509AF0F-1B5D-471B-B848-6EAD99F8EA0D}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 683 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {46D59388-31CC-4AFA-808D-1B0077E6C216}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=533692034; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 682 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4896 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 681 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 5000 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:15:26 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {8A6B1C5A-4B4A-4244-8C68-4A33E65DA558}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2024666556; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 680 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3680 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:24 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {2C1B9FF9-E84E-4C17-8B79-B9A033D664E0}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=463120695; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 679 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3680 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5CEEBFE1-1F93-44D0-A224-92780056991E}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1696732294; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 678 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:22 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {064CA977-880E-47F5-87C1-5D1F4E71520D}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1284500813; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 677 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:22 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {C9AC4FB6-E85B-42AC-A296-EB05F18807E5}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{CFB4C172-76B8-4CD8-9478-AB86AA1F6DA9}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 676 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:21 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {B116C152-0B9D-4DBB-9187-6CA0AABA2476}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{93D5028F-6886-4B6E-A093-832A132F4762}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 675 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3680 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:21 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {67E59101-46AC-4B31-8C05-690374C1A006}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=791738314; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 674 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3528 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {2F8BF315-662B-4655-8B53-E5CD720E8C18}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{A45B5F6F-CAEC-4634-B5DB-871A59C357C2}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 673 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4732 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {8F9793C7-BA0E-4419-B2A3-086934DE06B8}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=430581937; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 672 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:02 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A624D26C-205C-487F-890D-FF4012FD4503}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1147237221; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 671 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3680 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:02 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {1FDF9E4D-EEB1-4560-BA9A-E60D1E22BAFC}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{00642F56-9214-4692-8FA3-5F6144DAD5D9}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 670 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4732 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {09242EC2-C507-4762-AB4A-404EFBAE78E7}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1557147806; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 669 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2800 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:15:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {3445CA26-82A5-41D6-93FD-0B318B0692FD}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{DE3E81F9-E5D2-43E4-B5C4-88DD0B649705}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 668 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:14:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {908B8490-0B75-4599-AF93-9D3E9432CBD2}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1166639649; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 667 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:14:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5C3A40CC-59FE-41AA-B29A-2260F0FEA033}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1763763689; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 666 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4624 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:14:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5FF8E168-0165-4611-B6A2-5E1B620093B9}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=772755700; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 665 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 4480 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:14:54 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {5F0CA7CD-E5A4-4255-AD8B-CA50216341C0}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=2097147860; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 664 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:14:52 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {308A4618-4F4A-4439-BE01-15E153F2F4CA}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=807968995; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 663 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3680 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:14:52 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {BBFC3C7C-3EDE-45FC-994F-6DAFB99292F0}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=1757936618; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 662 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3680 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:14:51 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {3550840C-D37F-498A-8A0C-7C3263768009}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Disk.WTD=33220399; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 661 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3684 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:14:51 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7E014A1F-5D10-4851-8B73-B7755C82462A}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 5064; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\wmi : \\.\ROOT\wmi:WT_Snapshot.Id="{00E3FE0E-DDD5-4020-900C-47C19B7252B5}"; ResultCode = 0x80041024; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 660 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3680 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:14:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVSS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %systemroot%\system32\wbem\vsswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 659 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 5000 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:14:41 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 658 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 4568 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:14:41 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3776; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 657 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3776 | 4404 | hv-cinder-83452 | S-1-5-19 | 3/21/2022 7:14:41 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 656 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 4568 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:14:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2116; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 655 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2116 | 2648 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:13:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 654 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 2428 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:13:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_SyntheticEthernetPortSettingData' ; UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 4080, ClientMachine = HV-CINDER-83452; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 653 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3192 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:12:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_SyntheticEthernetPortSettingData' ; UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 4080, ClientMachine = HV-CINDER-83452; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 652 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3192 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:12:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT EnabledState, TargetInstance FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Msvm_ComputerSystem' AND TargetInstance.EnabledState != PreviousInstance.EnabledState AND (TargetInstance.EnabledState = '2' OR TargetInstance.EnabledState = '3' OR TargetInstance.EnabledState = '32768' OR TargetInstance.EnabledState = '32769'); UserName = NT AUTHORITY\SYSTEM; ClientProcessID = 5080, ClientMachine = HV-CINDER-83452; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 651 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3192 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:12:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1880; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 650 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1880 | 92 | hv-cinder-83452 | S-1-5-19 | 3/21/2022 7:12:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1680; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 649 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1680 | 1144 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:12:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 648 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 2428 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:12:24 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2116; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 647 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2116 | 2648 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 7:12:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 646 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 2428 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:12:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2496; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 645 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2496 | 2428 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 7:12:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3396; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 644 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3396 | 3096 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 6:46:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 643 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4460 | 5052 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 6:45:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 642 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4460 | 4440 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 6:45:26 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 641 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4460 | 5052 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 6:45:26 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3616; ProviderPath = %systemroot%\system32\wbem\msiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 640 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3616 | 3644 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:51:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 748; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 639 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 748 | 3556 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:49:51 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {8A1B89F8-3D4B-0002-268D-1B8A4B3DD801}; ClientMachine = HV-CINDER-83452; User = HV-CINDER-83452\Admin; ClientProcessId = 3596; Component = Core; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x800706BE; PossibleCause = Could not send status to client | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 638 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2632 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:48:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {8A1B89F8-3D4B-0002-268D-1B8A4B3DD801}; ClientMachine = HV-CINDER-83452; User = HV-CINDER-83452\Admin; ClientProcessId = 3596; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 637 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3936 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:48:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {8A1B89F8-3D4B-0002-268D-1B8A4B3DD801}; ClientMachine = HV-CINDER-83452; User = HV-CINDER-83452\Admin; ClientProcessId = 3596; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - root\virtualization\v2 : SELECT * FROM __InstanceModificationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 636 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3936 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:48:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceDeletionEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; UserName = HV-CINDER-83452\Admin; ClientProcessID = 3596, ClientMachine = HV-CINDER-83452; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 635 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3936 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:48:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __InstanceModificationEvent WITHIN 2 WHERE TargetInstance ISA 'Msvm_ConcreteJob'; UserName = HV-CINDER-83452\Admin; ClientProcessID = 3596, ClientMachine = HV-CINDER-83452; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 634 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3936 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:48:35 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 704; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 633 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 704 | 1432 | hv-cinder-83452 | S-1-5-19 | 3/21/2022 5:48:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2984; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 632 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2984 | 3192 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:48:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSiSCSITargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3900; ProviderPath = C:\windows\system32\wbem\SmIscsiTargetProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 631 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3900 | 1148 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:48:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WinTargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1348; ProviderPath = C:\windows\system32\wbem\WTWMIProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 630 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1348 | 3908 | hv-cinder-83452 | S-1-5-19 | 3/21/2022 5:48:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3616; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 629 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3616 | 3644 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:48:29 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSiSCSITargetProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3900; ProviderPath = C:\windows\system32\wbem\SmIscsiTargetProv.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 628 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3900 | 1344 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:48:29 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2984; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 627 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2984 | 3036 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:48:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| wfascim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2984; ProviderPath = %systemroot%\system32\wbem\wfascim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 626 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2984 | 3192 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:48:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4064; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 625 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4064 | 960 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:47:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2984; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 624 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2984 | 3036 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:47:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2880; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100C; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 623 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1140 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:47:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2880; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100C; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 622 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 1140 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:47:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| wmiprov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3616; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 621 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3616 | 3644 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:47:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-83452; User = HV-CINDER-83452\cloudbase-init; ClientProcessId = 2088; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT RemainingWindowsReArmCount, KeyManagementServiceListeningPort, KeyManagementServiceDnsPublishing, KeyManagementServiceLowPriority, ClientMachineId, KeyManagementServiceHostCaching, Version FROM SoftwareLicensingService; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 620 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2004 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:47:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| SppProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2984; ProviderPath = %SystemRoot%\System32\sppwmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 619 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2984 | 3036 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:47:08 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2984; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 618 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2984 | 3036 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:46:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3004; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 617 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2004 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3004; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 616 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2004 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2984; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 615 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2984 | 3036 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:46:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3004; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\CIMV2 : SELECT SMBIOSAssetTag FROM Win32_SystemEnclosure ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 614 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3804 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:51 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3004; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 613 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3804 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4064; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 612 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4064 | 1136 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2984; ProviderPath = %windir%\system32\wbem\servercompprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 611 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2984 | 3036 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:46:43 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 610 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 609 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 608 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 607 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 606 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 605 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 604 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 603 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 602 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 601 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 600 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 599 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 598 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 597 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 596 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 595 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 594 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 593 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 592 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 591 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 590 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 589 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 588 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 587 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 586 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 585 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 584 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 583 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 582 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 581 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 580 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 579 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 578 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 577 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 576 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 575 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 574 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 573 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 572 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 571 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 570 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 569 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 568 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 567 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 566 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {61237192-5DBE-4FE5-BB76-5C1161999BE4}; ClientMachine = HV-CINDER-83452; User = ; ClientProcessId = 548; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 565 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 548; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 564 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3900 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:35 PM | 8a1b89f8-3d4b-0001-668a-1b8a4b3dd801 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 563 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 562 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 3892 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2984; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 561 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2984 | 3036 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:46:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3616; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 560 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3616 | 3644 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3616; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 559 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3616 | 3644 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2984; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 558 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2984 | 3036 | hv-cinder-83452 | S-1-5-20 | 3/21/2022 5:46:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2532; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 557 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2852 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = HV-CINDER-83452; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1756; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User : __Namespace.name="S_1_5_21_6492141_952484172_2212423990_500"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 556 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 548 | 2792 | hv-cinder-83452 | S-1-5-18 | 3/21/2022 5:46:28 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-JNOJMB6UHC4; User = NT AUTHORITY\SYSTEM; ClientProcessId = 692; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100A; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 555 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 524 | 2200 | WIN-5T344G8GM1H | S-1-5-18 | 3/21/2022 5:45:54 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-JNOJMB6UHC4; User = NT AUTHORITY\SYSTEM; ClientProcessId = 692; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100A; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 554 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 524 | 2200 | WIN-5T344G8GM1H | S-1-5-18 | 3/21/2022 5:45:54 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-JNOJMB6UHC4; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2188; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 553 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 524 | 2432 | WIN-5T344G8GM1H | S-1-5-18 | 3/21/2022 5:45:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-JNOJMB6UHC4; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1768; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select * from Win32_OperatingSystem; ResultCode = 0x8004100A; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 552 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 524 | 2432 | WIN-5T344G8GM1H | S-1-5-18 | 3/21/2022 5:45:00 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4848; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "RNDISMPStatisticsOID"; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 551 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 3432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:09 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4848; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "C:\\windows\\System32\\drivers\\en-US\\netvsc.sys.mui[NdisMofResource]"; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 550 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 3432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:48:09 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 549 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4460 | 5048 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:46:31 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4460; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 548 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4460 | 5048 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:46:31 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4848; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 547 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4848 | 4776 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:45:30 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4956; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\Defender : SELECT * FROM MSFT_MpComputerStatus; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 546 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 1176 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:42:52 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| ProtectionManagement provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = "%ProgramData%\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\ProtectionManagement.dll" | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 545 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3752 | 2228 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:42:52 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MsNetImPlatform provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\ndisimplatcim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 544 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 3064 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:42:52 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4120; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 543 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4120 | 4148 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:42:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 542 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 1292 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:42:48 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 541 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3752 | 2228 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:42:48 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 540 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 3064 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:42:48 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 539 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 3064 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:42:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 538 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 3064 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:42:16 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4120; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 537 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4120 | 4148 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:43 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 536 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 1292 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:39 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3752; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 535 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3752 | 2228 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:41:39 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 534 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 2812 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:39 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 976; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 533 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2172 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | ad8d0f9c-9109-0001-0a10-8dad0991d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 532 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 531 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 388 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 530 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 529 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 528 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 527 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 526 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 525 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 524 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 523 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 522 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 521 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 520 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 519 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 518 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 517 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 516 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 515 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 514 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 513 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 512 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 511 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 510 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 509 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 508 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 507 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 506 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 505 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 504 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 503 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 502 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 501 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 500 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 499 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 498 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 497 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 496 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 495 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 494 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 493 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 492 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 491 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 490 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 489 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 488 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 487 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 486 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9663586B-26CE-4E7F-A115-7420EF71DDF6}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 976; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 485 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2680 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2776; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 484 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2776 | 2848 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:31 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2204; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 483 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2692 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:41:30 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3176; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 482 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3176 | 1548 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:40:26 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_RegisteredSubprofile; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 481 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_SubProfileRequiresProfile; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 480 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_RegisteredProfile; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 479 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ReferencedProfile; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 478 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementSoftwareIdentity; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 477 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementConformsToProfileEx; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 476 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\interop\ms_409 : MSFTSM_ElementConformsToProfile; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 475 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3952; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\cimv2\storage\ms_409 : __Namespace.Name='iscsitarget'; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 474 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 4728 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 473 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4084 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2712; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 472 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2712 | 592 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:38:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2712; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 471 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2712 | 592 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:38:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 470 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4348 | 2924 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:35:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4444; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 469 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4444 | 4516 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:35:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 468 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4348 | 4632 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:35:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 467 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4348 | 4632 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:35:41 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4348; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 466 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4348 | 4632 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:35:41 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 465 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4824 | 1600 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:34:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1548; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 464 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1548 | 2160 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:34:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 463 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4824 | 1600 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:34:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 462 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4824 | 4808 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:34:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 764; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 461 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 764 | 1020 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:33:46 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 460 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4824 | 4808 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:32:20 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4824; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 459 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4824 | 4808 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:32:20 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 458 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4084 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:31:16 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1520; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 457 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1520 | 2704 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:29:44 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1520; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 456 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1520 | 2704 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:29:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4693033F-66F0-46C4-8E27-99621765768B}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4124; Component = Core; Operation = Start IWbemServices::ExecMethod - root\microsoft\windows\servermanager : MSFT_ServerManagerTasks::GetServerFeature; ResultCode = 0x800706BE; PossibleCause = Could not send status to client | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 455 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2716 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {4693033F-66F0-46C4-8E27-99621765768B}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 4124; Component = Unknown; Operation = Start IWbemServices::ExecMethod - root\microsoft\windows\servermanager : MSFT_ServerManagerTasks::GetServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 454 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 432 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:32 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4608; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 453 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4608 | 4636 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:30 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 452 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2872 | 2896 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:26 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4344; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 451 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4344 | 4368 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:27:26 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 450 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2872 | 2900 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:25 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 449 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2872 | 2900 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:20 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 448 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2872 | 2900 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:19 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 956; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 447 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | aff0bd57-9107-0002-9bbd-f0af0791d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = root\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 446 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 445 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:18 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 444 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 443 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 442 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 441 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 440 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 439 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 438 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 437 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 436 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 435 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 434 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 433 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 432 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 431 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 430 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 429 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 428 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 427 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 426 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 425 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 424 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 423 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 422 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 421 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 420 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 419 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 418 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 417 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 416 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 415 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 414 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 413 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2868 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 412 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 411 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 410 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 409 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 408 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 407 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 406 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 405 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2868 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 404 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 403 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 402 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 401 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 400 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {96FB381F-0CD5-4B08-B375-7D41E6D4BD5A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 399 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 398 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 397 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 396 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 395 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 394 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 393 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 392 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 391 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 390 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 389 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 388 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 387 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 386 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 385 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 384 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 383 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 382 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 381 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 380 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 379 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 378 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 377 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 376 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 375 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 374 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 373 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 372 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 371 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 370 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 369 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 368 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 367 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 366 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 365 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 364 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 363 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 362 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 361 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 360 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 359 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 358 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 357 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 356 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 355 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 354 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {FD8B735D-48A5-4AFF-82A0-4530749B9C93}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 956; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 353 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2872; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 352 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2872 | 2900 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2336; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 351 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2864 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:27:17 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\virtualization\v2; NotificationQuery = SELECT * FROM __ClassOperationEvent; UserName = .\SYSTEM; ClientProcessID = 0, ClientMachine = ; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 350 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2360; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - root\virtualization\v2 : Msvm_ResourcePoolComponent.Name="Microsoft|RDV Integration Component Resource Pool|V2.0"; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 349 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:52 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskState; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 348 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 347 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 346 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 345 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 344 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 343 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 342 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 341 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 340 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 339 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 338 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 337 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 336 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 335 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 334 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 333 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 332 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 331 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 330 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 329 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\HyperVCluster\v2\ms_409 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 328 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 968; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 327 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | 96ed06e7-9107-0000-3d07-ed960791d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 326 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2948 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:51 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualDiskChangedRange; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 325 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VHDSSnapshotInformation; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 324 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VHDSetInformation; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 323 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 322 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 321 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 320 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 319 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 318 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 317 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 316 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 315 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 314 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 313 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 312 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 311 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualDiskChangedRange; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 310 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VHDSSnapshotInformation; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 309 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VHDSetInformation; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 308 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualHardDiskSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 307 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_VirtualHardDiskInfo; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 306 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_SummaryInformationBase; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 305 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : Msvm_ServicingSettings; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 304 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_SettingsDefineState; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 303 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ServiceAffectsElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 302 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ManagedElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 301 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ElementSettingData; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 300 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_ElementCapabilities; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 299 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_Dependency; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 298 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_Component; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 297 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1528; Component = Unknown; Operation = Start IWbemServices::DeleteClass - root\virtualization\v2\ms_409 : CIM_AffectedJobElement; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 296 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 968 | 2820 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:26:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 295 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2840 | 2880 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:26:46 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 294 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2840 | 2880 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:26:44 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2840; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 293 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2840 | 2864 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:26:42 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 308; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 292 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2620 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:25:03 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 308; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 291 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:25:02 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2528; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 290 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2528 | 3456 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:24:56 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 289 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2508 | 4092 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:24:53 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2736; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 288 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2736 | 3804 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:24:53 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 287 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2508 | 4092 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:24:53 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2508; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 286 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2508 | 2824 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:24:53 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3200; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 285 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3200 | 3644 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:15 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 284 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2920 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:23:12 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2540; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 283 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2540 | 3240 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:23:12 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 282 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2884 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:23:11 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 281 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2884 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:23:05 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 280 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2884 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:23:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 956; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 279 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2916 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | 17f2f0cc-9107-0002-12f1-f2170791d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 278 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 956 | 2908 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:23:03 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 277 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2884 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:23:02 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3808; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 276 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3808 | 4032 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:14:59 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 275 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2664 | 2720 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:14:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2972; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 274 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2972 | 156 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:14:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 273 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2664 | 2720 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:14:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2664; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 272 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2664 | 1584 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:14:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = WIN-5T344G8GM1H\Administrator; ClientProcessId = 1860; Component = Unknown; Operation = Start IWbemServices::PutInstance - root\cimv2 : Win32_ComputerSystem.Name="WIN-5T344G8GM1H"; ResultCode = 0x80041001; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 271 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1180 | 4136 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:11:39 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4368; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 270 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4368 | 4496 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:10:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1784; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 269 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1784 | 2240 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 9:05:00 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 268 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 952 | 452 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:04:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1152; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 267 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 1396 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 9:04:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 266 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 952 | 452 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:04:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 952; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 265 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 952 | 1000 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:04:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3176; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 264 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3176 | 3364 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:58:49 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 263 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4672 | 4700 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:57:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 262 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4672 | 4700 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:57:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 88; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 261 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1180 | 1284 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:56:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4672; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 260 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4672 | 4700 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:56:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1180; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 259 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1180 | 4340 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:56:46 AM | 289cfce6-9103-0003-f9fd-9c280391d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 258 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1180 | 4340 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:56:46 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 257 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4008 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:55:06 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 256 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4008 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:55:05 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 255 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3688 | 3696 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:55:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 254 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4020 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:54:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4024; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 253 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4024 | 4052 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:54:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 252 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 4008 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:54:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3968; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 251 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3968 | 3996 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:54:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3880; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 250 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3880 | 3916 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:54:38 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {7C5C4FFB-9102-0000-4A51-5C7C0291D301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 1192; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 249 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1192 | 3004 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:34 AM | 7c5c4ffb-9102-0000-4a51-5c7c0291d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1200; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 248 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1200 | 2840 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:54:03 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 1192, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 247 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1192 | 2792 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:27 AM | 7c5c4ffb-9102-0001-8851-5c7c0291d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1192; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 246 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1192 | 2792 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:52:27 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1192; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 245 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1192 | 2796 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:51:57 AM | 7c5c4ffb-9102-0001-5f51-5c7c0291d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 244 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1192 | 2796 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:51:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 243 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3832 | 3932 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:51:38 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 242 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3832 | 3872 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:51:37 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 428; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 241 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 428 | 1316 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:51:13 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 240 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3832 | 3872 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:51:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3888; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 239 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3888 | 3916 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:51:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 238 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3832 | 3872 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:51:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3832; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 237 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3832 | 3860 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:51:04 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4796; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 236 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4796 | 840 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:45:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2284; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 235 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2284 | 2676 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:44:15 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 234 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2548 | 2728 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:44:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2300; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 233 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2300 | 4360 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:44:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 232 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2548 | 2728 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:44:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2548; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 231 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2548 | 3736 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:44:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1052; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 230 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1052 | 4868 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:36:56 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3184; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 229 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3184 | 404 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:15 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_WIN32_TERMINALSERVICE_Prov provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\system32\tscfgwmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 228 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 4616 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:14 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4600; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\WMI : SELECT * FROM BatteryStaticData; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 227 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 4904 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:14 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 4600; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\WMI : SELECT * FROM BatteryFullChargedCapacity; ResultCode = 0x80041010; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 226 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 4904 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:34:13 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| PowerWmiProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SYSTEMROOT%\system32\PowerWmiProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 225 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1368 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:13 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| StorageWMI provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\System32\storagewmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 224 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1368 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:11 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 223 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1368 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:11 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 222 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1368 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2920; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 221 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2920 | 4532 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:34:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 220 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1368 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 219 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:34:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {9A81CB05-910F-0003-8ACC-819A0F91D301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 964; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 218 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 4228 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:15 AM | 9a81cb05-910f-0003-8acc-819a0f91d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 217 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 1824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 216 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 5076 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 215 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 214 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 5076 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 213 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 5076 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 212 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 1824 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 211 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 5076 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 210 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:33:01 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 3976; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\CIMV2 : SELECT SMBIOSAssetTag FROM Win32_SystemEnclosure ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 209 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 5076 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:32:59 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 208 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:32:59 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 207 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 2868 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:32:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1912; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 206 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1912 | 3084 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:32:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1164; ProviderPath = %windir%\system32\wbem\servercompprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 205 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1164 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:32:58 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 996; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 204 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 996 | 456 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:29:00 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 996; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 203 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 996 | 456 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:29:00 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4324; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 202 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4324 | 3568 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:27:56 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 964, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 201 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 3260 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:26:55 AM | 9a81cb05-910f-0000-a4cc-819a0f91d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 964; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 200 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 3260 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:26:55 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 199 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3768 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:26:50 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 198 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3768 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:25:57 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 964; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 197 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 4648 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:25:52 AM | 9a81cb05-910f-0003-4bcc-819a0f91d301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 196 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 964 | 4648 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:25:52 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 195 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3768 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:24:46 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4124; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 194 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4124 | 4152 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:24:15 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 193 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3820 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:24:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3084; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 192 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3084 | 3436 | WIN-5T344G8GM1H | S-1-5-19 | 1/19/2018 8:24:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 191 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3800 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:24:08 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 190 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3800 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:24:03 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 189 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3800 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 8:24:03 AM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3868; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 188 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3868 | 3176 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:37:16 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 187 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2504 | 2192 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:37:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2788; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 186 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2788 | 2624 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 6:37:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 185 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2504 | 2192 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:37:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2504; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 184 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2504 | 2440 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:37:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4024; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 183 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4024 | 3868 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:27:16 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 182 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1288 | 3280 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:27:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1500; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 181 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1500 | 2664 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 6:27:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 180 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1288 | 3280 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:27:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1288; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 179 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1288 | 4056 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:27:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 652; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 178 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 652 | 1972 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:17:16 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 177 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4032 | 3152 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:17:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 176 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3688 | 3124 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 6:17:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 175 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4032 | 1184 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:17:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4032; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 174 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4032 | 1160 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:17:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1088; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 173 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1088 | 4088 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:10:25 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 172 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 1752 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:08:29 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1176; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 171 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 3928 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:08:20 PM | b65c0852-8ef4-0003-8709-5cb6f48ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 170 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 3928 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:08:20 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 169 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 1752 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:07:37 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 168 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 1752 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:07:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 167 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 4072 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:07:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4076; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 166 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4076 | 1920 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 6:07:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 165 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 4060 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:07:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 164 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:07:14 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 163 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 162 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesConfigured FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 161 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_TpmProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = C:\Windows\system32\wbem\Win32_TPM.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 160 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:06:34 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT VirtualizationBasedSecurityStatus FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 159 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 158 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT SecurityServicesRunning FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 157 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT AvailableSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 156 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\Microsoft\Windows\DeviceGuard : SELECT RequiredSecurityProperties FROM Win32_DeviceGuard ; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 155 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2580 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Win32_DeviceGuard provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %SystemRoot%\System32\Win32_DeviceGuard.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 154 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 153 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:33 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 152 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:06:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2584; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 151 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1176 | 2640 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:32 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2832; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 150 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2832 | 2860 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 6:06:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2784; ProviderPath = %windir%\system32\wbem\servercompprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 149 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2784 | 2812 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:06:27 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4892; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 148 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4892 | 836 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 6:02:36 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4256; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 147 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4256 | 4144 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:53:30 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 146 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4976 | 3800 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:53:24 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5092; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 145 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5092 | 2628 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:53:24 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 144 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4976 | 3800 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:53:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4976; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 143 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4976 | 5116 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:53:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {53B2B737-8EF1-0000-6DB9-B253F18ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 1152; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 142 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 4780 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:50:11 PM | 53b2b737-8ef1-0000-6db9-b253f18ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3688; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 141 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3688 | 2160 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:46:15 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 1152, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 140 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 4676 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:44:23 PM | 53b2b737-8ef1-0003-feb9-b253f18ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1152; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 139 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 4676 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:44:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 400; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 138 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 2600 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:44:12 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4212; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 137 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4212 | 4236 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:43:31 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 136 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 2796 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:43:29 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 135 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 3216 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:43:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3208; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 134 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3208 | 3308 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:43:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 133 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 324 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:43:23 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 132 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 324 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:43:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 976; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 131 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 976 | 324 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:43:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 1152; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 130 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 2720 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:38 PM | 53b2b737-8ef1-0001-8eb7-b253f18ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 129 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1152 | 2720 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:42:38 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A4626349-8EA8-0003-B36D-62A4A88ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 128 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 3696 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:37:24 PM | a4626349-8ea8-0003-b36d-62a4a88ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 164; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 127 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 164 | 3628 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:35:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WmiPerfInst provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3868; ProviderPath = C:\Windows\System32\wbem\WmiPerfInst.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 126 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3868 | 1388 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:35:07 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4924; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 125 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4924 | 428 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:04 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WmiPerfClass provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 4924; ProviderPath = C:\Windows\System32\wbem\WmiPerfClass.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 124 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 4924 | 5928 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:35:03 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 924, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 123 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2052 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:34:06 PM | a4626349-8ea8-0002-ed6e-62a4a88ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 924; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 122 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2052 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:34:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5028; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 121 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5028 | 5328 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:32:53 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 120 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5804 | 5824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:32:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3816; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 119 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3816 | 1224 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:32:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 118 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5804 | 5824 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:32:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5804; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 117 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5804 | 912 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:32:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3180; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 116 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3180 | 804 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:22:47 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 115 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 5300 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:22:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 888; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 114 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 888 | 5288 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:22:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 113 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 5300 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:22:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3772; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 112 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3772 | 3704 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:22:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5964; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 111 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5964 | 3468 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:12:54 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {A4626349-8EA8-0000-8A6D-62A4A88ED301}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 110 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 1992 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:12:41 PM | a4626349-8ea8-0000-8a6d-62a4a88ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 109 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1260 | 1960 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:12:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2736; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 108 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2736 | 2320 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:12:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 107 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1260 | 1960 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:12:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 1260; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 106 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 1260 | 1936 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:12:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = ROOT\CIMV2; NotificationQuery = SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'wsmprovhost.exe'; UserName = ; ClientProcessID = 924, ClientMachine = WIN-5T344G8GM1H; PossibleCause = Temporary | 5860 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 105 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 3016 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:06:17 PM | a4626349-8ea8-0003-146c-62a4a88ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMI Kernel Trace Event Provider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 924; ProviderPath = C:\Windows\System32\wbem\krnlprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 104 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 3016 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:06:17 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3428; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 103 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3428 | 5844 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:06:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3428; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 102 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3428 | 5844 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:06:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 101 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2768 | 1104 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:05:59 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 100 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 3704 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:04:01 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/CIMV2; NotificationQuery = select * from MSFT_SCMEventLogEvent; OwnerName = S-1-5-32-544; HostProcessID = 924; Provider= SCM Event Provider, queryID = 0; PossibleCause = Permanent | 5859 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 99 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 3356 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:03:48 PM | a4626349-8ea8-0003-c36b-62a4a88ed301 | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:
instance of __EventFilter
{
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventNamespace = "root\\cimv2";
Name = "SCM Event Log Filter";
Query = "select * from MSFT_SCMEventLogEvent";
QueryLanguage = "WQL";
};
Perm. Consumer:
instance of NTEventLogEventConsumer
{
Category = 0;
CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};
EventType = 1;
Name = "SCM Event Log Consumer";
NameOfUserSIDProperty = "sid";
SourceName = "Service Control Manager";
};
| 5861 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 98 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 1768 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:03:48 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| MSVDS__PROVIDER provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\vdswmi.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 97 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 3704 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:51 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| nettcpip provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\NetTCPIP.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 96 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 812 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| NetAdapterCim provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 5960; ProviderPath = %systemroot%\system32\wbem\NetAdapterCim.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 95 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 5960 | 5988 | WIN-5T344G8GM1H | S-1-5-19 | 1/16/2018 5:02:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| mgmtprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\mgmtprovider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 94 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 3084 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:39 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2972; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ID FROM Win32_ServerFeature; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 93 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2352 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:13 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 92 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{F9C77450-3A41-477E-9310-9ACD617BD9E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 91 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 90 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 89 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 88 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 87 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 86 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 85 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 84 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 83 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 82 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 81 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 80 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 79 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 78 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 77 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 76 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 75 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 74 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 73 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 72 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 71 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 70 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 69 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{5794DAFD-BE60-433f-88A2-1A31939AC01F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 68 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 67 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 66 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 65 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 64 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 63 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 62 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{25537BA6-77A8-11D2-9B6C-0000F8080861}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 61 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 60 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 59 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 58 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {822AD6C6-A4A6-4A78-B264-65E46A20EFBB}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\User\S_1_5_21_416071247_492812682_1642729393_500 : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 57 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2512 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 56 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2768 | 1124 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| WMIProv provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2768; ProviderPath = %systemroot%\system32\wbem\wmiprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 55 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2768 | 1124 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:11 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 54 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 53 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FB2CA36D-0B40-4307-821B-A13B252DE56C}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 52 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{f3ccc681-b74c-4060-9f26-cd84525dca2a}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 51 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{F312195E-3D9D-447A-A3F5-08DFFA24735E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 50 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 49 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E5094040-C46C-4115-B030-04FB2E545B00}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 48 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 47 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{e437bc1c-aa7d-11d2-a382-00c04f991e27}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 46 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 45 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 44 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{c6dc5466-785a-11d2-84d0-00c04fb169f7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 43 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C631DF4C-088F-4156-B058-4375F0853CD8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 42 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 41 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{C34B2751-1CF4-44F5-9262-C3FC39666591}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 40 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 39 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 38 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 37 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 36 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{AADCED64-746C-4633-A97C-D61349046527}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 35 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{A3F3E39B-5D83-4940-B954-28315B82F0A8}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 34 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{91FBB303-0CD5-4055-BF42-E512A681B325}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 33 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{8A28E2C5-8D06-49A4-A08C-632DAA493E17}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 32 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 31 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7B849a69-220F-451E-B3FE-2CB811AF94AE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 30 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7933F41E-56F8-41d6-A31C-4148A711EE93}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 29 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{74EE6C03-5363-4554-B161-627540339CAB}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 28 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{728EE579-943C-4519-9EF7-AB56765798ED}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 27 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 26 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 25 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{6232C319-91AC-4931-9385-E70C2B099F0E}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 24 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 23 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4bcd6cde-777b-48b6-9804-43568e23545d}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 22 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{4B7C3B0F-E993-4E06-A241-3FBE06943684}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 21 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{42B5FAAE-6536-11d2-AE5A-0000F87571E3}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 20 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{426031c0-0b47-4852-b0ca-ac3d37bfcb39}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 19 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 18 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{3610eda5-77ef-11d2-8dc5-00c04fa31a66}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 17 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 16 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{2A8FDC61-2347-4C87-92F6-B05EB91A201A}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 15 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{1A6364EB-776B-4120-ADE1-B63A406A76B5}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 14 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{17D89FEC-5C44-4972-B12D-241CAEF74509}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 13 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{16be69fa-4209-4250-88cb-716cf41954e0}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 12 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{169EBF44-942F-4C43-87CE-13C93996EBBE}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 11 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0E28E245-9368-4853-AD84-6DA3BA35BB75}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 10 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 9 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {227CEB83-33CD-4922-AED0-D222BC464B1A}; ClientMachine = WIN-5T344G8GM1H; User = ; ClientProcessId = 924; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{35378EAC-683F-11D2-A89A-00C04FBBCFA2}"; ResultCode = 0x80041002; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 8 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2528 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| deploymentprovider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 3440; ProviderPath = %systemroot%\system32\wbem\ServerManager.DeploymentProvider.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 7 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 3440 | 3468 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| ServerFeatureProvider provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %windir%\system32\wbem\servercompprov.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 6 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 3084 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-5T344G8GM1H; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2972; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : select ChassisTypes from Win32_SystemEnclosure; ResultCode = 0x80041032; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 5 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 924 | 2484 | WIN-5T344G8GM1H | S-1-5-18 | 1/16/2018 5:02:09 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32a provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\wmipcima.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 4 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 3084 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:06 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| CIMWin32 provider started with result code 0x0. HostProcess = wmiprvse.exe; ProcessID = 2856; ProviderPath = %systemroot%\system32\wbem\cimwin32.dll | 5857 | 0 | | 0 | 0 | 0 | 4611686018427387904 | 3 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 2856 | 2436 | WIN-5T344G8GM1H | S-1-5-20 | 1/16/2018 5:02:05 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-PD8DQPRRTAO; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2508; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MSiSCSI_PortalInfoClass; ResultCode = 0x8004100A; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 2 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 916 | 2392 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = WIN-PD8DQPRRTAO; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2508; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\wmi : MS_SM_AdapterInformationQuery; ResultCode = 0x8004100A; PossibleCause = Unknown | 5858 | 0 | | 2 | 0 | 0 | 4611686018427387904 | 1 | Microsoft-Windows-WMI-Activity | 1418ef04-b0b4-4623-bf7e-d74ab47bbdaa | Microsoft-Windows-WMI-Activity/Operational | 916 | 2392 | WIN-PD8DQPRRTAO | S-1-5-18 | 1/16/2018 5:01:40 PM | | | microsoft-windows-wmi-activity/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |