| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| User "CBCI-787206-13\N-H2-787206-13$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 100 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 9:25:08 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-787206-13\N-H2-787206-13$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 99 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:55:07 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{B458350D-E447-4896-A684-3D5B86A9FF0F}" instance of the "\Microsoft\Windows\Autochk\Proxy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 98 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1820 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:34:37 PM | b458350d-e447-4896-a684-3d5b86a9ff0f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Autochk\Proxy" , instance "{B458350D-E447-4896-A684-3D5B86A9FF0F}" , action "%windir%\system32\rundll32.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 97 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1820 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:34:37 PM | b458350d-e447-4896-a684-3d5b86a9ff0f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\rundll32.exe" in instance "{B458350D-E447-4896-A684-3D5B86A9FF0F}" of task "\Microsoft\Windows\Autochk\Proxy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 96 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1820 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:34:37 PM | b458350d-e447-4896-a684-3d5b86a9ff0f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{B458350D-E447-4896-A684-3D5B86A9FF0F}" instance of the "\Microsoft\Windows\Autochk\Proxy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 95 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1820 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:34:37 PM | b458350d-e447-4896-a684-3d5b86a9ff0f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Autochk\Proxy" , instance "%windir%\system32\rundll32.exe" with process ID 3496. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 94 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1820 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:34:37 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{B458350D-E447-4896-A684-3D5B86A9FF0F}" instance of task "\Microsoft\Windows\Autochk\Proxy" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 93 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1820 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:34:37 PM | b458350d-e447-4896-a684-3d5b86a9ff0f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-787206-13\N-H2-787206-13$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 92 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2352 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:25:07 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "NT AUTHORITY\SYSTEM" updated Task Scheduler task "\Microsoft\Windows\WindowsUpdate\Scheduled Start" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 91 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:24:11 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{479C748E-E8F3-4BCF-A49D-CD9927F2FBC5}" instance of the "\Microsoft\XblGameSave\XblGameSaveTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 90 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1820 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:04:37 PM | 479c748e-e8f3-4bcf-a49d-cd9927f2fbc5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\XblGameSave\XblGameSaveTask" , instance "{479C748E-E8F3-4BCF-A49D-CD9927F2FBC5}" , action "%windir%\System32\XblGameSaveTask.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 89 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1820 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:04:37 PM | 479c748e-e8f3-4bcf-a49d-cd9927f2fbc5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\System32\XblGameSaveTask.exe" in instance "{479C748E-E8F3-4BCF-A49D-CD9927F2FBC5}" of task "\Microsoft\XblGameSave\XblGameSaveTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 88 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2892 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:04:37 PM | 479c748e-e8f3-4bcf-a49d-cd9927f2fbc5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{479C748E-E8F3-4BCF-A49D-CD9927F2FBC5}" instance of the "\Microsoft\XblGameSave\XblGameSaveTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 87 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2892 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:04:37 PM | 479c748e-e8f3-4bcf-a49d-cd9927f2fbc5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\XblGameSave\XblGameSaveTask" , instance "%windir%\System32\XblGameSaveTask.exe" with process ID 3740. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 86 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2892 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 8:04:37 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "System" disabled Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Resume On Boot" | 142 | 0 | | 4 | 142 | 0 | -9223372036854775808 | 85 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1584 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task disabled | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{5558F13F-BA18-47A9-9F8B-4759538E044D}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 84 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | 5558f13f-ba18-47a9-9f8b-4759538e044d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{5558F13F-BA18-47A9-9F8B-4759538E044D}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 83 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | 5558f13f-ba18-47a9-9f8b-4759538e044d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-787206-13\N-H2-787206-13$" updated Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 82 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1584 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{5558F13F-BA18-47A9-9F8B-4759538E044D}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 81 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | 5558f13f-ba18-47a9-9f8b-4759538e044d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{5558F13F-BA18-47A9-9F8B-4759538E044D}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 80 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | 5558f13f-ba18-47a9-9f8b-4759538e044d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 1152. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 79 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{5558F13F-BA18-47A9-9F8B-4759538E044D}" instance of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 78 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | 5558f13f-ba18-47a9-9f8b-4759538e044d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{BB07D32B-23E1-4CE3-BA31-F8D028ABC218}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 77 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2868 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | bb07d32b-23e1-4ce3-ba31-f8d028abc218 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" , instance "{BB07D32B-23E1-4CE3-BA31-F8D028ABC218}" , action "%systemroot%\system32\usoclient.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 76 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2868 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | bb07d32b-23e1-4ce3-ba31-f8d028abc218 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "System" updated Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Resume On Boot" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 75 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1584 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:37 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\usoclient.exe" in instance "{BB07D32B-23E1-4CE3-BA31-F8D028ABC218}" of task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 74 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2868 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:36 PM | bb07d32b-23e1-4ce3-ba31-f8d028abc218 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{BB07D32B-23E1-4CE3-BA31-F8D028ABC218}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 73 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2868 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:36 PM | bb07d32b-23e1-4ce3-ba31-f8d028abc218 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" , instance "%systemroot%\system32\usoclient.exe" with process ID 4144. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 72 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2868 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:36 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler could not launch task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" as scheduled. Instance "{BB07D32B-23E1-4CE3-BA31-F8D028ABC218}" is started now as required by the configuration option to start the task when available, if schedule is missed. | 114 | 0 | | 3 | 114 | 0 | -9223372036854775808 | 71 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2868 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:36 PM | bb07d32b-23e1-4ce3-ba31-f8d028abc218 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Missed task started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-787206-13\N-H2-787206-13$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 70 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2892 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:57:13 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{CC214752-ECE4-4E25-B111-D36693D62B5F}" instance of the "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 69 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1584 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:56:24 PM | cc214752-ece4-4e25-b111-d36693d62b5f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" , instance "{CC214752-ECE4-4E25-B111-D36693D62B5F}" , action "%windir%\system32\compattelrunner.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 68 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 1584 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:56:24 PM | cc214752-ece4-4e25-b111-d36693d62b5f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{4A8D49A5-D474-4D36-BF16-343461170EB9}" instance of the "\Microsoft\Windows\Software Inventory Logging\Configuration" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 67 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2424 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:37 PM | 4a8d49a5-d474-4d36-bf16-343461170eb9 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Software Inventory Logging\Configuration" , instance "{4A8D49A5-D474-4D36-BF16-343461170EB9}" , action "%systemroot%\system32\cmd.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 66 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2424 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:37 PM | 4a8d49a5-d474-4d36-bf16-343461170eb9 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\cmd.exe" in instance "{4A8D49A5-D474-4D36-BF16-343461170EB9}" of task "\Microsoft\Windows\Software Inventory Logging\Configuration". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 65 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2868 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:36 PM | 4a8d49a5-d474-4d36-bf16-343461170eb9 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{4A8D49A5-D474-4D36-BF16-343461170EB9}" instance of the "\Microsoft\Windows\Software Inventory Logging\Configuration" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 64 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2868 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:36 PM | 4a8d49a5-d474-4d36-bf16-343461170eb9 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Software Inventory Logging\Configuration" , instance "%systemroot%\system32\cmd.exe" with process ID 4668. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 63 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2868 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:36 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{4A8D49A5-D474-4D36-BF16-343461170EB9}" instance of task "\Microsoft\Windows\Software Inventory Logging\Configuration" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 62 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2868 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:36 PM | 4a8d49a5-d474-4d36-bf16-343461170eb9 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-787206-13\N-H2-787206-13$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 61 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:20 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{C844F03D-848E-4572-AEC8-442A76D8652D}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 60 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2844 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | c844f03d-848e-4572-aec8-442a76d8652d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{C844F03D-848E-4572-AEC8-442A76D8652D}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 59 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2844 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | c844f03d-848e-4572-aec8-442a76d8652d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{C844F03D-848E-4572-AEC8-442A76D8652D}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 58 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2844 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | c844f03d-848e-4572-aec8-442a76d8652d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{C844F03D-848E-4572-AEC8-442A76D8652D}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 57 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2844 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | c844f03d-848e-4572-aec8-442a76d8652d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 4048. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 56 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2844 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{8B57E013-E081-478A-B475-A74C24624D22}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 55 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | 8b57e013-e081-478a-b475-a74c24624d22 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{8B57E013-E081-478A-B475-A74C24624D22}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 54 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | 8b57e013-e081-478a-b475-a74c24624d22 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{F6B41084-5E4F-4796-9AF7-349573D6F5E0}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 53 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | f6b41084-5e4f-4796-9af7-349573d6f5e0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{F6B41084-5E4F-4796-9AF7-349573D6F5E0}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 52 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | f6b41084-5e4f-4796-9af7-349573d6f5e0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{F6B41084-5E4F-4796-9AF7-349573D6F5E0}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 51 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2424 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | f6b41084-5e4f-4796-9af7-349573d6f5e0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{F6B41084-5E4F-4796-9AF7-349573D6F5E0}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 50 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2424 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | f6b41084-5e4f-4796-9af7-349573d6f5e0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{8B57E013-E081-478A-B475-A74C24624D22}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 49 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2424 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | 8b57e013-e081-478a-b475-a74c24624d22 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{8B57E013-E081-478A-B475-A74C24624D22}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 48 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2424 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | 8b57e013-e081-478a-b475-a74c24624d22 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 2952. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 47 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2424 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:12 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{8B3AB6C9-3A34-46A1-8A79-C3A873CDED6E}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 46 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | 8b3ab6c9-3a34-46a1-8a79-c3a873cded6e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{8B3AB6C9-3A34-46A1-8A79-C3A873CDED6E}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 45 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | 8b3ab6c9-3a34-46a1-8a79-c3a873cded6e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{DE4321E2-9CCA-4646-B3BA-C49535A382A1}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 44 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | de4321e2-9cca-4646-b3ba-c49535a382a1 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{DE4321E2-9CCA-4646-B3BA-C49535A382A1}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 43 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | de4321e2-9cca-4646-b3ba-c49535a382a1 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{5C809BDB-EDA9-406C-964A-153A3AA05D08}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 42 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | 5c809bdb-eda9-406c-964a-153a3aa05d08 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{5C809BDB-EDA9-406C-964A-153A3AA05D08}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 41 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | 5c809bdb-eda9-406c-964a-153a3aa05d08 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{E82DBA97-014E-4CFA-ACC3-DA8254CB3F4A}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 40 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | e82dba97-014e-4cfa-acc3-da8254cb3f4a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{E82DBA97-014E-4CFA-ACC3-DA8254CB3F4A}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 39 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | e82dba97-014e-4cfa-acc3-da8254cb3f4a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{5C809BDB-EDA9-406C-964A-153A3AA05D08}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 38 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2844 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | 5c809bdb-eda9-406c-964a-153a3aa05d08 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{5C809BDB-EDA9-406C-964A-153A3AA05D08}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 37 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2844 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | 5c809bdb-eda9-406c-964a-153a3aa05d08 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{E82DBA97-014E-4CFA-ACC3-DA8254CB3F4A}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 36 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | e82dba97-014e-4cfa-acc3-da8254cb3f4a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{E82DBA97-014E-4CFA-ACC3-DA8254CB3F4A}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 35 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | e82dba97-014e-4cfa-acc3-da8254cb3f4a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{DE4321E2-9CCA-4646-B3BA-C49535A382A1}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 34 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | de4321e2-9cca-4646-b3ba-c49535a382a1 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{DE4321E2-9CCA-4646-B3BA-C49535A382A1}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 33 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | de4321e2-9cca-4646-b3ba-c49535a382a1 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 3236. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 32 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:03 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{8B3AB6C9-3A34-46A1-8A79-C3A873CDED6E}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 31 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:01 PM | 8b3ab6c9-3a34-46a1-8a79-c3a873cded6e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{8B3AB6C9-3A34-46A1-8A79-C3A873CDED6E}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 30 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:01 PM | 8b3ab6c9-3a34-46a1-8a79-c3a873cded6e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 3980. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 29 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:01 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{00000000-0000-0000-0000-000000000000}" instance of task "\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents" according to an event trigger. | 108 | 0 | | 4 | 108 | 0 | -9223372036854775808 | 28 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:55:01 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered on event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{5BCE04B9-929F-4B5C-B79B-36F0ED86D461}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 27 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:59 PM | 5bce04b9-929f-4b5c-b79b-36f0ed86d461 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{5BCE04B9-929F-4B5C-B79B-36F0ED86D461}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 26 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:59 PM | 5bce04b9-929f-4b5c-b79b-36f0ed86d461 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{A89571ED-4E8B-4B75-8F81-70BE2F1A8952}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 25 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:51 PM | a89571ed-4e8b-4b75-8f81-70be2f1a8952 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{A89571ED-4E8B-4B75-8F81-70BE2F1A8952}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 24 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:51 PM | a89571ed-4e8b-4b75-8f81-70be2f1a8952 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{1FEB1807-B021-4276-8BE1-7A2BF2134D57}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 23 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:48 PM | 1feb1807-b021-4276-8be1-7a2bf2134d57 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{1FEB1807-B021-4276-8BE1-7A2BF2134D57}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 22 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:48 PM | 1feb1807-b021-4276-8be1-7a2bf2134d57 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{EBDA7E23-AC88-4671-9FDF-E9FED537B490}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 21 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:48 PM | ebda7e23-ac88-4671-9fdf-e9fed537b490 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{EBDA7E23-AC88-4671-9FDF-E9FED537B490}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 20 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:48 PM | ebda7e23-ac88-4671-9fdf-e9fed537b490 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{1FEB1807-B021-4276-8BE1-7A2BF2134D57}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 19 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:47 PM | 1feb1807-b021-4276-8be1-7a2bf2134d57 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{1FEB1807-B021-4276-8BE1-7A2BF2134D57}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 18 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:47 PM | 1feb1807-b021-4276-8be1-7a2bf2134d57 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{1FEB1807-B021-4276-8BE1-7A2BF2134D57}" instance of task "\Microsoft\Windows\CertificateServicesClient\SystemTask" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 17 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:47 PM | 1feb1807-b021-4276-8be1-7a2bf2134d57 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{00000000-0000-0000-0000-000000000000}" instance of task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork" according to an event trigger. | 108 | 0 | | 4 | 108 | 0 | -9223372036854775808 | 16 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:42 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered on event | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{A89571ED-4E8B-4B75-8F81-70BE2F1A8952}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 15 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:42 PM | a89571ed-4e8b-4b75-8f81-70be2f1a8952 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{A89571ED-4E8B-4B75-8F81-70BE2F1A8952}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 14 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2416 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:42 PM | a89571ed-4e8b-4b75-8f81-70be2f1a8952 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{EBDA7E23-AC88-4671-9FDF-E9FED537B490}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 13 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:42 PM | ebda7e23-ac88-4671-9fdf-e9fed537b490 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{EBDA7E23-AC88-4671-9FDF-E9FED537B490}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 12 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2916 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:42 PM | ebda7e23-ac88-4671-9fdf-e9fed537b490 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{5BCE04B9-929F-4B5C-B79B-36F0ED86D461}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 11 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2844 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:42 PM | 5bce04b9-929f-4b5c-b79b-36f0ed86d461 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{5BCE04B9-929F-4B5C-B79B-36F0ED86D461}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 10 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2844 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:42 PM | 5bce04b9-929f-4b5c-b79b-36f0ed86d461 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 3780. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 9 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2844 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:42 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{C349D12C-3502-4E03-9451-197252358ADC}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 8 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2624 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:40 PM | c349d12c-3502-4e03-9451-197252358adc | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{C349D12C-3502-4E03-9451-197252358ADC}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 7 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2624 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:40 PM | c349d12c-3502-4e03-9451-197252358adc | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\compattelrunner.exe" in instance "{CC214752-ECE4-4E25-B111-D36693D62B5F}" of task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 6 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2216 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:37 PM | cc214752-ece4-4e25-b111-d36693d62b5f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{CC214752-ECE4-4E25-B111-D36693D62B5F}" instance of the "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 5 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2216 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:37 PM | cc214752-ece4-4e25-b111-d36693d62b5f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" , instance "%windir%\system32\compattelrunner.exe" with process ID 2640. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2216 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:37 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{C349D12C-3502-4E03-9451-197252358ADC}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 3 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2840 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:37 PM | c349d12c-3502-4e03-9451-197252358adc | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{C349D12C-3502-4E03-9451-197252358ADC}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 2 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2840 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:37 PM | c349d12c-3502-4e03-9451-197252358adc | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 1744. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1488 | 2840 | n-h2-787206-13.cbci-787206-13.local | S-1-5-18 | 8/16/2021 7:54:37 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |