| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 823 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 2016 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:44 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 822 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 2016 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:44 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 821 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 2016 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:44 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 820 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 2016 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:44 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Cache Committed. | 28019 | 0 | | 4 | 28179 | 0 | 2305843009213759488 | 819 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 4196 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:44 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 818 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 4196 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:44 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 817 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 4196 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:44 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 816 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3540 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 815 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3624 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 814 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 813 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3716 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 812 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3716 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 811 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 810 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3548 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 809 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3540 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 808 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3412 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 807 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3412 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 806 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 805 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3624 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 804 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3548 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 803 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3408 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 802 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3408 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 801 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 800 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 799 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 798 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 797 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 796 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 795 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 794 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 793 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 792 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 791 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 790 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 789 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 788 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 787 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 786 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 785 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 784 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 783 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 2316. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 782 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3520 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:34 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 781 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3408 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 780 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3408 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 779 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 778 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 777 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 776 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 775 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 774 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 773 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 772 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 771 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 770 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 769 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 768 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 767 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 766 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 765 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 764 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 763 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 762 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 268. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 761 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3420 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 760 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 759 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 758 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 757 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 756 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 755 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 754 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 753 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 752 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 751 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 750 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 749 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3372 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:41:33 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Cache Committed. | 28019 | 0 | | 4 | 28179 | 0 | 2305843009213759488 | 748 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 4480 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:35:32 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 747 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 4480 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:35:32 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Hyper-V Manager with ID Microsoft.AutoGenerated.{7DFC4B93-681D-7B96-03E1-AE81FB7E597A} and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 746 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 4480 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:35:32 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 745 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 4480 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:35:32 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 744 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 980 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:31 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 743 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 980 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:31 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 742 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 980 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:31 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 741 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 980 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:31 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 740 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 4596 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:30 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 739 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 4596 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:30 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 738 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3804 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 737 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3572 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 736 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3720 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 735 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3796 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 734 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3796 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 733 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3616 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 732 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3804 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 731 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3616 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 730 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 729 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3720 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 728 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3636 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 727 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3636 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 726 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3572 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 725 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3568 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 724 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3568 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 723 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 722 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 721 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 720 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 719 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 718 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 717 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 716 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 715 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 714 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 713 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 712 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 711 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 710 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 709 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 708 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 707 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 706 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 705 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 2316. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 704 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3612 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:20 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 703 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3568 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 702 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 701 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3568 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 700 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 699 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 698 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 697 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 696 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 695 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 694 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 693 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 692 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 691 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 690 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 689 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 688 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 687 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 686 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 685 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 684 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 268. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 683 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3588 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 682 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 681 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 680 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 679 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 678 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 677 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 676 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 675 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 674 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 673 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 672 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 671 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3540 | 3544 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:27:19 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 670 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 4028 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:17 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 669 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 4028 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:17 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 668 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 4028 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:17 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 667 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 4028 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:17 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Cache Committed. | 28019 | 0 | | 4 | 28179 | 0 | 2305843009213759488 | 666 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 2296 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:16 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 665 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 2296 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:16 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application MPIO with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mpiocpl.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 664 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 2296 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:16 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 663 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 2296 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:16 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 662 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3476 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 661 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3596 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 660 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3496 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 659 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3564 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 658 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3564 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 657 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3496 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 656 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3596 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 655 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3480 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 654 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3480 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 653 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 652 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3448 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 651 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3448 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 650 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3444 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 649 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3444 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 648 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3476 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 647 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 646 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 645 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 644 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 643 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 642 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 641 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 640 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 639 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 638 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 637 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 636 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 635 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 634 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 633 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 632 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 631 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 630 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 2316. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 629 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3472 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 628 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 627 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3444 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 626 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 625 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3444 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 624 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 623 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 622 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 621 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 620 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 619 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 618 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 617 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 616 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 615 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 614 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 613 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 612 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 611 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 610 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 609 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 608 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 268. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 607 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3456 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 606 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 605 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 604 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 603 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 602 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 601 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 600 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 599 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 598 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 597 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 596 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 595 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 9:23:05 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 594 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3572 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:55:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 593 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3572 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:55:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 592 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3572 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:55:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'Logon.ps1' (PID 1860). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 591 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3572 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:55:06 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'Logon.ps1'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 590 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3572 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:55:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 589 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3572 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:55:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 588 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3568 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:55:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 587 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3568 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:55:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 586 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 585 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 584 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3216 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 583 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3396 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 582 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3396 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 581 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3216 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 580 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2032 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 579 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 512 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 578 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 577 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 512 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 576 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2032 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 575 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 976 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 574 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 976 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 573 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 572 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 571 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 570 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 569 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 568 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 567 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:52 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 566 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 565 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 564 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 563 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 562 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 561 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 560 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 559 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 558 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 557 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 556 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 555 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 554 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 553 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 2316. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 552 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1104 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:51 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 551 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 976 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 550 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 976 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 549 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 548 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 547 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 546 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 545 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 544 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 543 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 542 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 541 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 540 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 539 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 538 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 537 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 536 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 535 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 534 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 533 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 532 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 268. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 531 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 2684 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 530 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 529 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 528 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 527 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 526 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 525 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 524 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 523 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 522 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 521 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 520 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 519 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2928 | 1932 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:54:50 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 518 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:51:15 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 517 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:51:15 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 516 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:51:15 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'Logon.ps1' (PID 3972). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 515 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:51:15 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'Logon.ps1'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 514 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:51:09 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 513 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3504 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:51:09 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Cache Committed. | 28019 | 0 | | 4 | 28179 | 0 | 2305843009213759488 | 512 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3968 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:51:08 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 511 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3968 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:51:08 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 510 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3968 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:51:08 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 509 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 1876 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 508 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2412 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 507 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2972 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 506 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 505 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 504 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 503 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2972 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 502 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 1876 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 501 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 500 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 499 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2972 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 498 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2972 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 497 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 1876 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 496 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2412 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 495 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 1876 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 494 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 493 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 492 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 491 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 490 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:59 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 489 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 488 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 487 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 486 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 485 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 484 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 483 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 482 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 481 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 480 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 479 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 478 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 477 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 2316. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 476 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 8 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 475 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:58 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 474 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2972 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 473 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 472 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2972 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 471 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 470 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 469 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 468 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 467 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 466 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 465 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 464 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 463 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 462 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 461 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 460 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 459 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 458 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 457 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 456 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 455 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:57 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 268. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 454 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 2424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 453 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 452 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 451 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 450 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 449 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 448 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 447 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 446 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 445 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 444 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 443 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 442 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 952 | 948 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:50:56 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 441 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3724 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:14 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 440 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3724 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:14 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 439 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3724 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:14 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'Logon.ps1' (PID 2808). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 438 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3724 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:14 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'Logon.ps1'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 437 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3724 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:13 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 436 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3724 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:13 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 435 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2740 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:12 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 434 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2740 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:12 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 433 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3104 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 432 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3280 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 431 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3540 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 430 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3620 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 429 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3620 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 428 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3540 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 427 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3280 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 426 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 425 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 1012 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 424 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 423 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 1012 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 422 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 421 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2760 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 420 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2760 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 419 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3104 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 418 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 417 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 416 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 415 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 414 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 413 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 412 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 411 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 410 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 409 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 408 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 407 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 406 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 405 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 404 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 403 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 402 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 401 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 400 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 2316. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 399 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3100 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:02 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 398 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2760 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 397 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 396 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2760 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 395 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 394 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 393 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 392 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 391 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 390 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 389 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 388 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 387 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 386 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 385 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 384 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 383 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 382 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 381 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 380 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 379 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 268. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 378 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 3080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 377 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 376 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 375 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 374 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 373 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 372 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 371 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 370 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 369 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 368 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 367 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 366 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2940 | 2956 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/19/2018 8:24:01 AM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 365 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3820 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:21 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 364 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3820 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:21 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 363 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3820 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:21 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'Logon.ps1' (PID 2464). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 362 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3820 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:21 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'Logon.ps1'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 361 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3820 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 360 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3820 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Cache Committed. | 28019 | 0 | | 4 | 28179 | 0 | 2305843009213759488 | 359 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 720 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 358 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 720 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 357 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 720 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 356 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 355 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3136 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 354 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3392 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 353 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3448 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 352 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3448 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 351 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3292 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 350 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3288 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 349 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3288 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 348 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3292 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 347 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3132 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 346 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3132 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 345 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3136 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 344 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3424 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 343 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3392 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 342 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 341 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 340 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 339 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 338 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 337 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:05 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 336 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 335 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 334 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 333 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 332 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 331 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 330 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 329 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 328 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 327 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 326 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 325 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 324 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 2316. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 323 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3284 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 322 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 321 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3132 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 320 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 319 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3132 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 318 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 317 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 316 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 315 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 314 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 313 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 312 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 311 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 310 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 309 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 308 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 307 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 306 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 305 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 304 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 303 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 302 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:04 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'ie4uinit.exe -UserConfig' (PID 3160). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 301 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'ie4uinit.exe -UserConfig'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 300 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 268. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 299 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 298 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 297 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 296 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 295 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 294 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 293 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 292 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 291 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' finished with flags 8. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 290 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 289 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 288 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' started with flags 8. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 287 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3104 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 6:07:03 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 286 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 4080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:27 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 285 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 4080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:27 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 284 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 4080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:27 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'Logon.ps1' (PID 2140). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 283 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 4080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:27 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'Logon.ps1'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 282 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 4080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:21 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 281 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 4080 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:21 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Cache Committed. | 28019 | 0 | | 4 | 28179 | 0 | 2305843009213759488 | 280 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 1224 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:20 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 279 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 1224 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:20 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 278 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 1224 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:20 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 277 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3468 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 276 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3556 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 275 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3404 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 274 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3556 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 273 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3408 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 272 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3408 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 271 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3476 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 270 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3476 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 269 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 268 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 267 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3404 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 266 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3536 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 265 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3536 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 264 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3468 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 263 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 262 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 261 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 260 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 259 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 258 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:11 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 257 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 256 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 255 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 254 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 253 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 252 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 251 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 250 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 249 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 248 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 247 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 246 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 245 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 2316. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 244 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3400 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 243 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:10 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 242 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 241 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 240 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 239 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3108 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 238 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 237 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 236 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 235 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 234 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 233 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 232 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 231 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2532 | 3124 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 230 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2532 | 3120 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 229 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2532 | 3124 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.AccountsControl_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 228 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2532 | 3124 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.AccountsControl_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 227 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2532 | 3124 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.Cortana_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 226 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2532 | 3124 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 225 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 224 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 223 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 222 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 221 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 220 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 219 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 218 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 217 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'ie4uinit.exe -UserConfig' (PID 3176). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 216 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'ie4uinit.exe -UserConfig'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 215 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.Cortana_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 214 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2532 | 3124 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 213 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2532 | 3120 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 268. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 212 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3128 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 211 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 210 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 209 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 208 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 207 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 206 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 205 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 204 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' finished with flags 1032. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 203 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 202 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 201 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' started with flags 1032. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 200 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2180 | 3036 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 199 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3664 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:30 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 198 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3664 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:30 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 197 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3664 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:30 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'Logon.ps1' (PID 5464). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 196 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3664 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:30 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'Logon.ps1'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 195 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3664 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:30 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\Run'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 194 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3664 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:30 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Cache Committed. | 28019 | 0 | | 4 | 28179 | 0 | 2305843009213759488 | 193 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 2920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:27 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 192 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 2920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:27 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Internet Explorer with ID Microsoft.InternetExplorer.Default and flags 0x11 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 191 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 2920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:27 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application File Explorer with ID Microsoft.Windows.Explorer and flags 0x19 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 190 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 2920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:27 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Internet Explorer with ID Microsoft.InternetExplorer.Default and flags 0x31 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 189 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 2920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:27 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 188 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 2920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:27 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 187 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 4144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:19 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 186 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3056 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:19 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 185 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3620 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 184 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 2180 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 183 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 4212 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 182 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3800 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'NotifyTrayStartIsReady' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 181 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3800 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'OEMFirstRunTelemetry' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 180 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 4212 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessNotifyLogonComplete' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 179 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3620 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ARSFirstRunTelemetry' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 178 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 4144 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload3' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 177 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3056 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchInputDialListenerPostStart' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 176 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 2180 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 175 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3276 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHostPostStart' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 174 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3276 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 173 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PostStartTasks' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 172 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 171 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 170 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 169 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 168 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 23956 | 0 | | 5 | 0 | 0 | 0 | 167 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 4300 | 4368 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:18 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | | | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| RunOnce commands finished. | 9704 | 0 | | 4 | 9703 | 2 | 2305878193652957184 | 166 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3360 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\RunOnce'. | 9706 | 0 | | 4 | 9705 | 2 | 2305878193652957184 | 165 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3360 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'FirstLogon.ps1' (PID 3528). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 164 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3360 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 163 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 162 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 161 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PerUserSetup' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 160 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 159 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'EnterpriseProvisioning' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 158 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 157 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsPreStart' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 156 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 155 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroupPreStart' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 154 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 153 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2PreStart' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 152 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 1 with flags 2316. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 151 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'LaunchExperienceHost' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 150 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreStartTasks' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 149 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:17 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 148 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3276 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:16 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 22083 | 0 | | 4 | 22082 | 2 | 2305843009213759488 | 147 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:16 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 22082 | 0 | | 4 | 22082 | 1 | 2305843009213759488 | 146 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:16 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 9811 | 0 | | 2 | 9811 | 0 | 2305843009213759488 | 145 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:16 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 9811 | 0 | | 2 | 9811 | 0 | 2305843009213759488 | 144 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 9811 | 0 | | 2 | 9811 | 0 | 2305843009213759488 | 143 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 9811 | 0 | | 2 | 9811 | 0 | 2305843009213759488 | 142 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 9811 | 0 | | 2 | 9811 | 0 | 2305843009213759488 | 141 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| 9811 | 0 | | 2 | 9811 | 0 | 2305843009213759488 | 140 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3920 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Error | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 139 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 138 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'UpdatePCSettingsShellInit' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 137 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'DefaultAssociations' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 136 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3276 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessLogonGroup' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 135 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingPayload2' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 134 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellInitTasks' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 133 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 132 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 131 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 130 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Windows.PrintDialog_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 129 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3412 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Windows.MiracastView_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 128 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Windows.PrintDialog_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 127 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3412 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.XboxGameCallableUI_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 126 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 2916 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Windows.MiracastView_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 125 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.SecondaryTileExperience_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 124 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.XboxGameCallableUI_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 123 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 2916 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 122 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 2916 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.SecondaryTileExperience_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 121 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 120 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 119 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 2916 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.LockApp_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 118 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 2916 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 117 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.AccountsControl_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 116 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.LockApp_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 115 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 2916 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 114 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 2916 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.AccountsControl_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 113 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.Cortana_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 112 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'StartLayoutInit' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 111 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 110 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RoamingBootstrapAndPayload1' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 109 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreShellTasks' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 108 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 107 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 106 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 105 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'WaitForMSAConnected' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 104 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 103 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'iesetup.dll",IEHardenUser' (PID 3772). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 102 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'iesetup.dll",IEHardenUser'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 101 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'iesetup.dll",IEHardenAdmin' (PID 3512). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 100 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.Cortana_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 99 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package windows.immersivecontrolpanel_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 98 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'iesetup.dll",IEHardenAdmin'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 97 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 96 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 2916 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package windows.immersivecontrolpanel_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 95 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 94 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 93 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 2916 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'unregmp2.exe /FirstLogon' (PID 2920). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 92 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 91 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.BioEnrollment_cw5n1h2txyewy to 'Completed' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 90 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'unregmp2.exe /FirstLogon'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 89 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Cache Committed. | 28019 | 0 | | 4 | 28179 | 0 | 2305843009213759488 | 88 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Stopped. | 28018 | 0 | | 4 | 28177 | 2 | 2305843009213759488 | 87 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Personal Folder with ID Microsoft.Windows.UserProfile and flags 0x40019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 86 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Network with ID Microsoft.Windows.Network and flags 0x40019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 85 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Homegroup with ID Microsoft.Windows.Homegroup and flags 0x40019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 84 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Videos with ID Microsoft.Windows.Videos and flags 0x40019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 83 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Pictures with ID Microsoft.Windows.Pictures and flags 0x40019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 82 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Music with ID Microsoft.Windows.Music and flags 0x40019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 81 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Downloads with ID Microsoft.Windows.Downloads and flags 0x40019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 80 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Documents with ID Microsoft.Windows.Documents and flags 0x40019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 79 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application File Explorer with ID Microsoft.Windows.Explorer and flags 0x40019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 78 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows Defender with ID {6D809377-6AF0-444B-8957-A3773F02200E}\Windows Defender\MSASCui.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 77 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'ie4uinit.exe -UserConfig' (PID 1388). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 76 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Task Manager with ID Microsoft.AutoGenerated.{923DD477-5846-686B-A659-0FCCD73851A8} and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 75 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows Server Backup with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\wbadmin.msc and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 74 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows Firewall with Advanced Security with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\WF.msc and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 73 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Task Scheduler with ID Microsoft.AutoGenerated.{C1C6F8AC-40A3-0F5C-146F-65A9DC70BBB4} and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 72 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application System Information with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\msinfo32.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 71 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application System Configuration with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\msconfig.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 70 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Services with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\services.msc and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 69 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Server Manager with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ServerManager.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 68 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Local Security Policy with ID Microsoft.AutoGenerated.{BD3F924E-55FB-A1BA-9DE6-B50F9F2460AC} and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 67 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Resource Monitor with ID Microsoft.AutoGenerated.{C804BBA7-FA5F-CBF7-8B55-2096E5F972CB} and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 66 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Print Management with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\printmanagement.msc and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 65 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Performance Monitor with ID Microsoft.AutoGenerated.{8AA47365-B2B3-1961-69EB-F866E376B12F} and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 64 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application ODBC Data Sources (64-bit) with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\odbcad32.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 63 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application ODBC Data Sources (32-bit) with ID {D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\odbcad32.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 62 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Microsoft Azure Services with ID Microsoft.AutoGenerated.{18C6F720-ABAE-A6EF-86EC-0E72549F6916} and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 61 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows Memory Diagnostic with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\MdSched.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 60 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application iSCSI Initiator with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\iscsicpl.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 59 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Event Viewer with ID Microsoft.AutoGenerated.{BB044BFD-25B7-2FAA-22A8-6371A93E0456} and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 58 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Disk Cleanup with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cleanmgr.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 57 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Defragment and Optimize Drives with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\dfrgui.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 56 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Computer Management with ID Microsoft.AutoGenerated.{8ABD94FB-E7D6-84A6-A997-C918EDDE0AE5} and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 55 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Component Services with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\comexp.msc and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 54 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows Server Backup with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\wbadmin.msc and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 53 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Character Map with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\charmap.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 52 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application WordPad with ID {6D809377-6AF0-444B-8957-A3773F02200E}\Windows NT\Accessories\wordpad.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 51 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows Media Player with ID Microsoft.Windows.MediaPlayer32 and flags 0x39 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 50 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Steps Recorder with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\psr.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 49 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Snipping Tool with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\SnippingTool.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 48 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Remote Desktop Connection with ID Microsoft.Windows.RemoteDesktop and flags 0x39 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 47 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'ie4uinit.exe -UserConfig'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 46 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Paint with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 45 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Math Input Panel with ID {6D809377-6AF0-444B-8957-A3773F02200E}\Common Files\Microsoft Shared\Ink\mip.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 44 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Finished execution of command 'unregmp2.exe /FirstLogon' (PID 3772). | 9708 | 0 | | 4 | 9707 | 2 | 2305878193652957184 | 43 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Calculator with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\win32calc.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 42 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows Speech Recognition with ID Microsoft.AutoGenerated.{DAA168DE-4306-C8BC-8C11-B596240BDDED} and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 41 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Server Manager with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ServerManager.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 40 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Print Dialog with ID Windows.PrintDialog_cw5n1h2txyewy!Microsoft.Windows.PrintDialog and flags 0x4019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 39 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application MiracastView with ID Windows.MiracastView_cw5n1h2txyewy!Microsoft.Windows.MiracastView and flags 0x4019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 38 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Settings with ID windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel and flags 0x4019 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 37 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows PowerShell with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\WindowsPowerShell\v1.0\powershell.exe and flags 0x8030 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 36 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows PowerShell ISE with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\WindowsPowerShell\v1.0\PowerShell_ISE.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 35 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows PowerShell ISE (x86) with ID {D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\WindowsPowerShell\v1.0\PowerShell_ISE.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 34 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows PowerShell (x86) with ID {D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\WindowsPowerShell\v1.0\powershell.exe and flags 0x8030 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 33 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Run with ID Microsoft.Windows.Shell.RunDialog and flags 0x39 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 32 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application File Explorer with ID Microsoft.Windows.Explorer and flags 0x39 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 31 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Devices with ID Microsoft.Windows.PCSettings.Devices and flags 0x39 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 30 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Default Programs with ID Microsoft.Windows.PCSettings.DefaultApps and flags 0x39 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 29 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'unregmp2.exe /FirstLogon'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 28 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Control Panel with ID Microsoft.Windows.ControlPanel and flags 0x39 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 27 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application This PC with ID Microsoft.Windows.Computer and flags 0x39 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 26 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Command Prompt with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 25 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Windows Administrative Tools with ID Microsoft.Windows.AdministrativeTools and flags 0x39 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 24 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Notepad with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 23 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application On-Screen Keyboard with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\osk.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 22 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Narrator with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\narrator.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 21 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started execution of command 'FirstLogon.ps1'. | 9707 | 0 | | 4 | 9707 | 1 | 2305878193652957184 | 20 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3360 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Started enumeration of commands for registry key 'Software\Microsoft\Windows\CurrentVersion\RunOnce'. | 9705 | 0 | | 4 | 9705 | 1 | 2305878193652957184 | 19 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3360 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| RunOnce commands started. | 9703 | 0 | | 4 | 9703 | 1 | 2305878193652957184 | 18 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3368 | 3360 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Shortcut for application Magnifier with ID {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\magnify.exe and flags 0x38 is added to app resolver cache. | 28115 | 0 | | 4 | 28141 | 0 | 2305843009213759488 | 17 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ActiveSetup' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 16 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 15 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.BioEnrollment_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 14 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 3372 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Updating install state of package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy to 'Installing' with HRESULT 0. | 62144 | 0 | | 4 | 62132 | 0 | 2305843009213759488 | 13 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 2740 | 2916 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| AppResolver Scan Started. | 28017 | 0 | | 4 | 28177 | 1 | 2305843009213759488 | 12 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Starting to refresh app resolver cache for scenario 2 with flags 79. | 28125 | 0 | | 4 | 28137 | 0 | 2305843009213759488 | 11 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3376 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'RunOnce' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 10 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 9 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'SkydrivePrep' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 8 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppResolver' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 7 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreShellGroup' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 6 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AppReadinessPreRoamingGroup' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 5 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' finished with flags 1034. | 62171 | 0 | | 4 | 62170 | 2 | 2306124492780339200 | 4 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'ShellPrep' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 3 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'PreRoamingTasks' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 2 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Logon task 'AllLogonTasks' started with flags 1034. | 62170 | 0 | | 4 | 62170 | 1 | 2306124492780339200 | 1 | Microsoft-Windows-Shell-Core | 30336ed4-e327-447c-9de0-51b652c86108 | Microsoft-Windows-Shell-Core/Operational | 3172 | 3168 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | | | microsoft-windows-shell-core/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |