| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| User "CBCI-771362-19\N-H1-771362-19$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 109 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2148 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 10:12:02 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-771362-19\N-H1-771362-19$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 108 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2148 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 9:42:02 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-771362-19\N-H1-771362-19$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 107 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2148 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 9:12:01 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{2C9F6E46-D62C-449F-9D07-1B6551B93BD5}" instance of the "\Microsoft\Windows\Autochk\Proxy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 106 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:51:31 AM | 2c9f6e46-d62c-449f-9d07-1b6551b93bd5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Autochk\Proxy" , instance "{2C9F6E46-D62C-449F-9D07-1B6551B93BD5}" , action "%windir%\system32\rundll32.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 105 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:51:31 AM | 2c9f6e46-d62c-449f-9d07-1b6551b93bd5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\rundll32.exe" in instance "{2C9F6E46-D62C-449F-9D07-1B6551B93BD5}" of task "\Microsoft\Windows\Autochk\Proxy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 104 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:51:31 AM | 2c9f6e46-d62c-449f-9d07-1b6551b93bd5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{2C9F6E46-D62C-449F-9D07-1B6551B93BD5}" instance of the "\Microsoft\Windows\Autochk\Proxy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 103 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:51:31 AM | 2c9f6e46-d62c-449f-9d07-1b6551b93bd5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Autochk\Proxy" , instance "%windir%\system32\rundll32.exe" with process ID 2448. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 102 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:51:31 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{2C9F6E46-D62C-449F-9D07-1B6551B93BD5}" instance of task "\Microsoft\Windows\Autochk\Proxy" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 101 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:51:31 AM | 2c9f6e46-d62c-449f-9d07-1b6551b93bd5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "NT AUTHORITY\SYSTEM" updated Task Scheduler task "\Microsoft\Windows\WindowsUpdate\Scheduled Start" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 100 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2148 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:45:33 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-771362-19\N-H1-771362-19$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 99 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2736 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:42:01 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{A5F4AFEC-A799-4BCB-B5BD-5D4F2FDFF6F5}" instance of the "\Microsoft\XblGameSave\XblGameSaveTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 98 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 3052 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:21:31 AM | a5f4afec-a799-4bcb-b5bd-5d4f2fdff6f5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\XblGameSave\XblGameSaveTask" , instance "{A5F4AFEC-A799-4BCB-B5BD-5D4F2FDFF6F5}" , action "%windir%\System32\XblGameSaveTask.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 97 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 3052 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:21:31 AM | a5f4afec-a799-4bcb-b5bd-5d4f2fdff6f5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\System32\XblGameSaveTask.exe" in instance "{A5F4AFEC-A799-4BCB-B5BD-5D4F2FDFF6F5}" of task "\Microsoft\XblGameSave\XblGameSaveTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 96 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 3052 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:21:31 AM | a5f4afec-a799-4bcb-b5bd-5d4f2fdff6f5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{A5F4AFEC-A799-4BCB-B5BD-5D4F2FDFF6F5}" instance of the "\Microsoft\XblGameSave\XblGameSaveTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 95 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 3052 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:21:31 AM | a5f4afec-a799-4bcb-b5bd-5d4f2fdff6f5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\XblGameSave\XblGameSaveTask" , instance "%windir%\System32\XblGameSaveTask.exe" with process ID 2872. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 94 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 3052 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:21:31 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "System" disabled Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Resume On Boot" | 142 | 0 | | 4 | 142 | 0 | -9223372036854775808 | 93 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:32 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task disabled | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-771362-19\N-H1-771362-19$" updated Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 92 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:31 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{1F3BAFB1-BA15-4BA6-98AC-DC5E92621FCB}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 91 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:31 AM | 1f3bafb1-ba15-4ba6-98ac-dc5e92621fcb | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" , instance "{1F3BAFB1-BA15-4BA6-98AC-DC5E92621FCB}" , action "%systemroot%\system32\usoclient.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 90 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:31 AM | 1f3bafb1-ba15-4ba6-98ac-dc5e92621fcb | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "System" updated Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Resume On Boot" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 89 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2916 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:31 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{42651B59-DE3F-4BC7-9C28-8727CD8CA9EE}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 88 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2916 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:31 AM | 42651b59-de3f-4bc7-9c28-8727cd8ca9ee | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{42651B59-DE3F-4BC7-9C28-8727CD8CA9EE}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 87 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2916 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:31 AM | 42651b59-de3f-4bc7-9c28-8727cd8ca9ee | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{42651B59-DE3F-4BC7-9C28-8727CD8CA9EE}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 86 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:31 AM | 42651b59-de3f-4bc7-9c28-8727cd8ca9ee | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{42651B59-DE3F-4BC7-9C28-8727CD8CA9EE}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 85 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:31 AM | 42651b59-de3f-4bc7-9c28-8727cd8ca9ee | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 3480. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 84 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:31 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{42651B59-DE3F-4BC7-9C28-8727CD8CA9EE}" instance of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 83 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:31 AM | 42651b59-de3f-4bc7-9c28-8727cd8ca9ee | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{66B1E966-6717-463E-95F5-28F9A42BA7E5}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 82 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:30 AM | 66b1e966-6717-463e-95f5-28f9a42ba7e5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{66B1E966-6717-463E-95F5-28F9A42BA7E5}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 81 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:30 AM | 66b1e966-6717-463e-95f5-28f9a42ba7e5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\usoclient.exe" in instance "{1F3BAFB1-BA15-4BA6-98AC-DC5E92621FCB}" of task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 80 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:30 AM | 1f3bafb1-ba15-4ba6-98ac-dc5e92621fcb | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{1F3BAFB1-BA15-4BA6-98AC-DC5E92621FCB}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 79 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:30 AM | 1f3bafb1-ba15-4ba6-98ac-dc5e92621fcb | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" , instance "%systemroot%\system32\usoclient.exe" with process ID 824. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 78 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:30 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{66B1E966-6717-463E-95F5-28F9A42BA7E5}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 77 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2916 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:30 AM | 66b1e966-6717-463e-95f5-28f9a42ba7e5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{66B1E966-6717-463E-95F5-28F9A42BA7E5}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 76 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2916 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:30 AM | 66b1e966-6717-463e-95f5-28f9a42ba7e5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 836. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 75 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2916 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:30 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler could not launch task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" as scheduled. Instance "{1F3BAFB1-BA15-4BA6-98AC-DC5E92621FCB}" is started now as required by the configuration option to start the task when available, if schedule is missed. | 114 | 0 | | 3 | 114 | 0 | -9223372036854775808 | 74 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:30 AM | 1f3bafb1-ba15-4ba6-98ac-dc5e92621fcb | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Missed task started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler could not launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" as scheduled. Instance "{66B1E966-6717-463E-95F5-28F9A42BA7E5}" is started now as required by the configuration option to start the task when available, if schedule is missed. | 114 | 0 | | 3 | 114 | 0 | -9223372036854775808 | 73 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2916 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:30 AM | 66b1e966-6717-463e-95f5-28f9a42ba7e5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Missed task started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-771362-19\N-H1-771362-19$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 72 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2092 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:14:03 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{58AE40C9-FCA0-4EDD-8177-80266B00908C}" instance of the "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 71 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2092 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:13:19 AM | 58ae40c9-fca0-4edd-8177-80266b00908c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" , instance "{58AE40C9-FCA0-4EDD-8177-80266B00908C}" , action "%windir%\system32\compattelrunner.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 70 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2092 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:13:19 AM | 58ae40c9-fca0-4edd-8177-80266b00908c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{A2B98B64-F307-4579-8773-35D9092666A6}" instance of the "\Microsoft\Windows\Software Inventory Logging\Configuration" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 69 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:33 AM | a2b98b64-f307-4579-8773-35d9092666a6 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Software Inventory Logging\Configuration" , instance "{A2B98B64-F307-4579-8773-35D9092666A6}" , action "%systemroot%\system32\cmd.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 68 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:33 AM | a2b98b64-f307-4579-8773-35d9092666a6 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\cmd.exe" in instance "{A2B98B64-F307-4579-8773-35D9092666A6}" of task "\Microsoft\Windows\Software Inventory Logging\Configuration". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 67 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2148 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:31 AM | a2b98b64-f307-4579-8773-35d9092666a6 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{A2B98B64-F307-4579-8773-35D9092666A6}" instance of the "\Microsoft\Windows\Software Inventory Logging\Configuration" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 66 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2148 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:31 AM | a2b98b64-f307-4579-8773-35d9092666a6 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Software Inventory Logging\Configuration" , instance "%systemroot%\system32\cmd.exe" with process ID 4084. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 65 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2148 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:31 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{A2B98B64-F307-4579-8773-35D9092666A6}" instance of task "\Microsoft\Windows\Software Inventory Logging\Configuration" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 64 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2148 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:31 AM | a2b98b64-f307-4579-8773-35d9092666a6 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{AB1F2F3A-3077-4F35-8492-D7EAD1262CDF}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 63 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1884 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | ab1f2f3a-3077-4f35-8492-d7ead1262cdf | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{AB1F2F3A-3077-4F35-8492-D7EAD1262CDF}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 62 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1884 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | ab1f2f3a-3077-4f35-8492-d7ead1262cdf | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{AB1F2F3A-3077-4F35-8492-D7EAD1262CDF}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 61 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1884 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | ab1f2f3a-3077-4f35-8492-d7ead1262cdf | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{AB1F2F3A-3077-4F35-8492-D7EAD1262CDF}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 60 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1884 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | ab1f2f3a-3077-4f35-8492-d7ead1262cdf | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "taskhostw.exe" with process ID 3104. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 59 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1884 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{8D7CA7CE-99E7-4C30-B0CC-9E9D3C104F3A}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 58 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2852 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | 8d7ca7ce-99e7-4c30-b0cc-9e9d3c104f3a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{8D7CA7CE-99E7-4C30-B0CC-9E9D3C104F3A}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 57 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2852 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | 8d7ca7ce-99e7-4c30-b0cc-9e9d3c104f3a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{8D7CA7CE-99E7-4C30-B0CC-9E9D3C104F3A}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 56 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2852 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | 8d7ca7ce-99e7-4c30-b0cc-9e9d3c104f3a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{8D7CA7CE-99E7-4C30-B0CC-9E9D3C104F3A}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 55 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2852 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | 8d7ca7ce-99e7-4c30-b0cc-9e9d3c104f3a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 3112. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 54 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2852 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{159964E8-49FC-4D94-A205-B588A84CFB3B}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 53 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2736 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | 159964e8-49fc-4d94-a205-b588a84cfb3b | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{159964E8-49FC-4D94-A205-B588A84CFB3B}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 52 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2736 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | 159964e8-49fc-4d94-a205-b588a84cfb3b | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{159964E8-49FC-4D94-A205-B588A84CFB3B}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 51 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | 159964e8-49fc-4d94-a205-b588a84cfb3b | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{159964E8-49FC-4D94-A205-B588A84CFB3B}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 50 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | 159964e8-49fc-4d94-a205-b588a84cfb3b | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 4548. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 49 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:10 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-771362-19\N-H1-771362-19$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 48 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:09 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{CDBE650B-B4F3-4B1B-8FA1-7DD2E2A23CC0}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 47 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2852 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | cdbe650b-b4f3-4b1b-8fa1-7dd2e2a23cc0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{CDBE650B-B4F3-4B1B-8FA1-7DD2E2A23CC0}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 46 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2852 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | cdbe650b-b4f3-4b1b-8fa1-7dd2e2a23cc0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{CDBE650B-B4F3-4B1B-8FA1-7DD2E2A23CC0}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 45 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2852 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | cdbe650b-b4f3-4b1b-8fa1-7dd2e2a23cc0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{CDBE650B-B4F3-4B1B-8FA1-7DD2E2A23CC0}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 44 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2852 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | cdbe650b-b4f3-4b1b-8fa1-7dd2e2a23cc0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "taskhostw.exe" with process ID 4300. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 43 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2852 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{4BB9FA28-6492-4FFD-BB8C-46A812431532}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 42 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | 4bb9fa28-6492-4ffd-bb8c-46a812431532 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{4BB9FA28-6492-4FFD-BB8C-46A812431532}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 41 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | 4bb9fa28-6492-4ffd-bb8c-46a812431532 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{4BB9FA28-6492-4FFD-BB8C-46A812431532}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 40 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | 4bb9fa28-6492-4ffd-bb8c-46a812431532 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{4BB9FA28-6492-4FFD-BB8C-46A812431532}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 39 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | 4bb9fa28-6492-4ffd-bb8c-46a812431532 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 4348. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 38 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2696 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{2EA6A771-BE6A-446F-AB1B-700A824E4664}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 37 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2736 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | 2ea6a771-be6a-446f-ab1b-700a824e4664 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{2EA6A771-BE6A-446F-AB1B-700A824E4664}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 36 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2736 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | 2ea6a771-be6a-446f-ab1b-700a824e4664 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{2EA6A771-BE6A-446F-AB1B-700A824E4664}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 35 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2736 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | 2ea6a771-be6a-446f-ab1b-700a824e4664 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{2EA6A771-BE6A-446F-AB1B-700A824E4664}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 34 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2736 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | 2ea6a771-be6a-446f-ab1b-700a824e4664 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 4392. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 33 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2736 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:12:00 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{0D2308FD-E9A6-458B-8C1A-976514897A3D}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 32 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:55 AM | 0d2308fd-e9a6-458b-8c1a-976514897a3d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{0D2308FD-E9A6-458B-8C1A-976514897A3D}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 31 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:55 AM | 0d2308fd-e9a6-458b-8c1a-976514897a3d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{8EB5EEEE-FAD6-46A4-A753-C21A136070CA}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 30 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:53 AM | 8eb5eeee-fad6-46a4-a753-c21a136070ca | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{8EB5EEEE-FAD6-46A4-A753-C21A136070CA}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 29 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:53 AM | 8eb5eeee-fad6-46a4-a753-c21a136070ca | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{2D534CC3-2DEC-42A2-ABAA-6E1F7218729F}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 28 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:53 AM | 2d534cc3-2dec-42a2-abaa-6e1f7218729f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{2D534CC3-2DEC-42A2-ABAA-6E1F7218729F}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 27 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:53 AM | 2d534cc3-2dec-42a2-abaa-6e1f7218729f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{2D534CC3-2DEC-42A2-ABAA-6E1F7218729F}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 26 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 3692 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:53 AM | 2d534cc3-2dec-42a2-abaa-6e1f7218729f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{2D534CC3-2DEC-42A2-ABAA-6E1F7218729F}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 25 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 3692 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:53 AM | 2d534cc3-2dec-42a2-abaa-6e1f7218729f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{34B7AD07-B8CE-4321-8CEA-9645A1AF5C4C}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 24 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:53 AM | 34b7ad07-b8ce-4321-8cea-9645a1af5c4c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{34B7AD07-B8CE-4321-8CEA-9645A1AF5C4C}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 23 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:53 AM | 34b7ad07-b8ce-4321-8cea-9645a1af5c4c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{0D2308FD-E9A6-458B-8C1A-976514897A3D}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 22 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:51 AM | 0d2308fd-e9a6-458b-8c1a-976514897a3d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{0D2308FD-E9A6-458B-8C1A-976514897A3D}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 21 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:51 AM | 0d2308fd-e9a6-458b-8c1a-976514897a3d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 4772. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 20 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:51 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{00000000-0000-0000-0000-000000000000}" instance of task "\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents" according to an event trigger. | 108 | 0 | | 4 | 108 | 0 | -9223372036854775808 | 19 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:50 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered on event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{1194AE92-79D5-44FA-87EA-390D6E5AD1EC}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 18 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:48 AM | 1194ae92-79d5-44fa-87ea-390d6e5ad1ec | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{1194AE92-79D5-44FA-87EA-390D6E5AD1EC}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 17 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:48 AM | 1194ae92-79d5-44fa-87ea-390d6e5ad1ec | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{4BE39C93-9F01-428C-AD67-0115598F0A5F}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 16 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:47 AM | 4be39c93-9f01-428c-ad67-0115598f0a5f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{4BE39C93-9F01-428C-AD67-0115598F0A5F}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 15 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:47 AM | 4be39c93-9f01-428c-ad67-0115598f0a5f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{1194AE92-79D5-44FA-87EA-390D6E5AD1EC}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 14 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:41 AM | 1194ae92-79d5-44fa-87ea-390d6e5ad1ec | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{1194AE92-79D5-44FA-87EA-390D6E5AD1EC}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 13 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:41 AM | 1194ae92-79d5-44fa-87ea-390d6e5ad1ec | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{1194AE92-79D5-44FA-87EA-390D6E5AD1EC}" instance of task "\Microsoft\Windows\CertificateServicesClient\SystemTask" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 12 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:41 AM | 1194ae92-79d5-44fa-87ea-390d6e5ad1ec | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler queued instance "{2D534CC3-2DEC-42A2-ABAA-6E1F7218729F}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance" and will launch it as soon as instance "{34B7AD07-B8CE-4321-8CEA-9645A1AF5C4C}" completes. | 324 | 0 | | 3 | 324 | 0 | -9223372036854775808 | 11 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:35 AM | 2d534cc3-2dec-42a2-abaa-6e1f7218729f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Launch request queued, instance already running | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{4BE39C93-9F01-428C-AD67-0115598F0A5F}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 10 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1636 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:35 AM | 4be39c93-9f01-428c-ad67-0115598f0a5f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{4BE39C93-9F01-428C-AD67-0115598F0A5F}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 9 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1636 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:35 AM | 4be39c93-9f01-428c-ad67-0115598f0a5f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{8EB5EEEE-FAD6-46A4-A753-C21A136070CA}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 8 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1884 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:35 AM | 8eb5eeee-fad6-46a4-a753-c21a136070ca | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{8EB5EEEE-FAD6-46A4-A753-C21A136070CA}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 7 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1884 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:35 AM | 8eb5eeee-fad6-46a4-a753-c21a136070ca | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\compattelrunner.exe" in instance "{58AE40C9-FCA0-4EDD-8177-80266B00908C}" of task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 6 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2952 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:32 AM | 58ae40c9-fca0-4edd-8177-80266b00908c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{58AE40C9-FCA0-4EDD-8177-80266B00908C}" instance of the "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 5 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2952 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:32 AM | 58ae40c9-fca0-4edd-8177-80266b00908c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" , instance "%windir%\system32\compattelrunner.exe" with process ID 3128. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 2952 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:32 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{34B7AD07-B8CE-4321-8CEA-9645A1AF5C4C}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 3 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:32 AM | 34b7ad07-b8ce-4321-8cea-9645a1af5c4c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{34B7AD07-B8CE-4321-8CEA-9645A1AF5C4C}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 2 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:32 AM | 34b7ad07-b8ce-4321-8cea-9645a1af5c4c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 3104. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1472 | 1504 | n-h1-771362-19.cbci-771362-19.local | S-1-5-18 | 6/8/2021 8:11:32 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |