| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| The calling process is rundll32.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 20 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 1844 | 1288 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:57 AM | | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 19 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 1016 | 1096 | WIN-5T344G8GM1H | S-1-5-18 | 1/19/2018 8:33:57 AM | 9a81cb05-910f-0002-f2cc-819a0f91d301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 18 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2532 | 3196 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:09 PM | 53b2b737-8ef1-0000-eeb7-b253f18ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 17 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2532 | 3196 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:08 PM | 53b2b737-8ef1-0001-ffb7-b253f18ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 16 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2532 | 3200 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | 53b2b737-8ef1-0000-bdb7-b253f18ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 15 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2532 | 3196 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:43:07 PM | 53b2b737-8ef1-0003-deb7-b253f18ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 14 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | a4626349-8ea8-0002-7667-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 13 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | a4626349-8ea8-0003-4466-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 12 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | a4626349-8ea8-0001-2966-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 11 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | a4626349-8ea8-0001-2566-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 10 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | a4626349-8ea8-0000-8c66-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 9 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:15 PM | a4626349-8ea8-0003-2a66-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 8 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | a4626349-8ea8-0000-7866-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 7 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | a4626349-8ea8-0000-7566-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 6 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | a4626349-8ea8-0001-8865-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 5 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | a4626349-8ea8-0001-6f65-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 4 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3412 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:14 PM | a4626349-8ea8-0001-6e65-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 3 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3412 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:13 PM | a4626349-8ea8-0001-4e65-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 2 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3388 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | a4626349-8ea8-0000-bb65-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| The calling process is svchost.exe | 301 | 0 | | 4 | 4 | 0 | 4611756387171631104 | 1 | Microsoft-Windows-AppXDeployment | 8127f6d4-59f9-4abf-8952-3e3a02073d5f | Microsoft-Windows-AppXDeployment/Operational | 2740 | 3412 | WIN-5T344G8GM1H | S-1-5-21-416071247-492812682-1642729393-500 | 1/16/2018 5:02:12 PM | a4626349-8ea8-0003-c864-62a4a88ed301 | | microsoft-windows-appxdeployment/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |