| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Task Scheduler successfully finished "{0C6D32E2-9A2F-4DDE-B6A7-C6A82F93C10D}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Refresh Settings" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 123 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 2:47:27 AM | 0c6d32e2-9a2f-4dde-b6a7-c6a82f93c10d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\UpdateOrchestrator\Refresh Settings" , instance "{0C6D32E2-9A2F-4DDE-B6A7-C6A82F93C10D}" , action "%systemroot%\system32\usoclient.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 122 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 2:47:27 AM | 0c6d32e2-9a2f-4dde-b6a7-c6a82f93c10d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\usoclient.exe" in instance "{0C6D32E2-9A2F-4DDE-B6A7-C6A82F93C10D}" of task "\Microsoft\Windows\UpdateOrchestrator\Refresh Settings". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 121 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 2:47:27 AM | 0c6d32e2-9a2f-4dde-b6a7-c6a82f93c10d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{0C6D32E2-9A2F-4DDE-B6A7-C6A82F93C10D}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Refresh Settings" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 120 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 2:47:27 AM | 0c6d32e2-9a2f-4dde-b6a7-c6a82f93c10d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\UpdateOrchestrator\Refresh Settings" , instance "%systemroot%\system32\usoclient.exe" with process ID 4076. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 119 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 2:47:27 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{0C6D32E2-9A2F-4DDE-B6A7-C6A82F93C10D}" instance of task "\Microsoft\Windows\UpdateOrchestrator\Refresh Settings" due to a time trigger condition. | 107 | 0 | | 4 | 107 | 0 | -9223372036854775808 | 118 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 2:47:27 AM | 0c6d32e2-9a2f-4dde-b6a7-c6a82f93c10d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered on scheduler | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-811805-1\N-H1-811805-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 117 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 2:43:18 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-811805-1\N-H1-811805-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 116 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 2:13:18 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-811805-1\N-H1-811805-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 115 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 1:43:18 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{322009C2-3FDE-4A3F-B32D-C373FA4EAACA}" instance of the "\Microsoft\Windows\Autochk\Proxy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 114 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 1:22:51 AM | 322009c2-3fde-4a3f-b32d-c373fa4eaaca | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Autochk\Proxy" , instance "{322009C2-3FDE-4A3F-B32D-C373FA4EAACA}" , action "%windir%\system32\rundll32.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 113 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 1:22:51 AM | 322009c2-3fde-4a3f-b32d-c373fa4eaaca | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\rundll32.exe" in instance "{322009C2-3FDE-4A3F-B32D-C373FA4EAACA}" of task "\Microsoft\Windows\Autochk\Proxy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 112 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 1:22:48 AM | 322009c2-3fde-4a3f-b32d-c373fa4eaaca | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{322009C2-3FDE-4A3F-B32D-C373FA4EAACA}" instance of the "\Microsoft\Windows\Autochk\Proxy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 111 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 1:22:48 AM | 322009c2-3fde-4a3f-b32d-c373fa4eaaca | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Autochk\Proxy" , instance "%windir%\system32\rundll32.exe" with process ID 4204. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 110 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 1:22:48 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{322009C2-3FDE-4A3F-B32D-C373FA4EAACA}" instance of task "\Microsoft\Windows\Autochk\Proxy" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 109 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 1:22:48 AM | 322009c2-3fde-4a3f-b32d-c373fa4eaaca | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "NT AUTHORITY\SYSTEM" updated Task Scheduler task "\Microsoft\Windows\WindowsUpdate\Scheduled Start" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 108 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1552 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 1:15:30 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-811805-1\N-H1-811805-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 107 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 1:13:17 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{5742C272-D2F7-4847-B060-DDC57225CBB4}" instance of the "\Microsoft\XblGameSave\XblGameSaveTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 106 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2912 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:52:47 AM | 5742c272-d2f7-4847-b060-ddc57225cbb4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\XblGameSave\XblGameSaveTask" , instance "{5742C272-D2F7-4847-B060-DDC57225CBB4}" , action "%windir%\System32\XblGameSaveTask.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 105 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2912 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:52:47 AM | 5742c272-d2f7-4847-b060-ddc57225cbb4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\System32\XblGameSaveTask.exe" in instance "{5742C272-D2F7-4847-B060-DDC57225CBB4}" of task "\Microsoft\XblGameSave\XblGameSaveTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 104 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2912 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:52:47 AM | 5742c272-d2f7-4847-b060-ddc57225cbb4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{5742C272-D2F7-4847-B060-DDC57225CBB4}" instance of the "\Microsoft\XblGameSave\XblGameSaveTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 103 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2912 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:52:47 AM | 5742c272-d2f7-4847-b060-ddc57225cbb4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\XblGameSave\XblGameSaveTask" , instance "%windir%\System32\XblGameSaveTask.exe" with process ID 4300. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 102 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2912 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:52:47 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "System" disabled Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Resume On Boot" | 142 | 0 | | 4 | 142 | 0 | -9223372036854775808 | 101 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2920 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:52 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task disabled | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-811805-1\N-H1-811805-1$" updated Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 100 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2920 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:48 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{B8896005-6F5A-45E9-A9EB-9EA07B9F362F}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 99 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2644 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:47 AM | b8896005-6f5a-45e9-a9eb-9ea07b9f362f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" , instance "{B8896005-6F5A-45E9-A9EB-9EA07B9F362F}" , action "%systemroot%\system32\usoclient.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 98 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2644 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:47 AM | b8896005-6f5a-45e9-a9eb-9ea07b9f362f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "System" updated Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Resume On Boot" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 97 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2764 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:47 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\usoclient.exe" in instance "{B8896005-6F5A-45E9-A9EB-9EA07B9F362F}" of task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 96 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2764 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:46 AM | b8896005-6f5a-45e9-a9eb-9ea07b9f362f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{B8896005-6F5A-45E9-A9EB-9EA07B9F362F}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 95 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2764 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:46 AM | b8896005-6f5a-45e9-a9eb-9ea07b9f362f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" , instance "%systemroot%\system32\usoclient.exe" with process ID 744. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 94 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2764 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:46 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{BE9A54D5-4CE8-48F6-A6A6-8540C8A649CF}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 93 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:46 AM | be9a54d5-4ce8-48f6-a6a6-8540c8a649cf | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{BE9A54D5-4CE8-48F6-A6A6-8540C8A649CF}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 92 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:46 AM | be9a54d5-4ce8-48f6-a6a6-8540c8a649cf | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{BE9A54D5-4CE8-48F6-A6A6-8540C8A649CF}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 91 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2644 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:46 AM | be9a54d5-4ce8-48f6-a6a6-8540c8a649cf | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{BE9A54D5-4CE8-48F6-A6A6-8540C8A649CF}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 90 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2644 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:46 AM | be9a54d5-4ce8-48f6-a6a6-8540c8a649cf | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 3228. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 89 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2644 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:46 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler could not launch task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" as scheduled. Instance "{B8896005-6F5A-45E9-A9EB-9EA07B9F362F}" is started now as required by the configuration option to start the task when available, if schedule is missed. | 114 | 0 | | 3 | 114 | 0 | -9223372036854775808 | 88 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2764 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:46 AM | b8896005-6f5a-45e9-a9eb-9ea07b9f362f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Missed task started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler could not launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" as scheduled. Instance "{BE9A54D5-4CE8-48F6-A6A6-8540C8A649CF}" is started now as required by the configuration option to start the task when available, if schedule is missed. | 114 | 0 | | 3 | 114 | 0 | -9223372036854775808 | 87 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2644 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:51:46 AM | be9a54d5-4ce8-48f6-a6a6-8540c8a649cf | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Missed task started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{9C06D0F9-269C-43BD-B407-E8C8AD0FE803}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 86 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:45:47 AM | 9c06d0f9-269c-43bd-b407-e8c8ad0fe803 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{9C06D0F9-269C-43BD-B407-E8C8AD0FE803}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 85 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:45:47 AM | 9c06d0f9-269c-43bd-b407-e8c8ad0fe803 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{9C06D0F9-269C-43BD-B407-E8C8AD0FE803}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 84 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:45:47 AM | 9c06d0f9-269c-43bd-b407-e8c8ad0fe803 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{9C06D0F9-269C-43BD-B407-E8C8AD0FE803}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 83 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:45:47 AM | 9c06d0f9-269c-43bd-b407-e8c8ad0fe803 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 3860. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 82 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:45:47 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{9C06D0F9-269C-43BD-B407-E8C8AD0FE803}" instance of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 81 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:45:47 AM | 9c06d0f9-269c-43bd-b407-e8c8ad0fe803 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-811805-1\N-H1-811805-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 80 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:45:19 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{B9BAD6C3-1969-4741-8B74-BBCF115D4227}" instance of the "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 79 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:44:35 AM | b9bad6c3-1969-4741-8b74-bbcf115d4227 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" , instance "{B9BAD6C3-1969-4741-8B74-BBCF115D4227}" , action "%windir%\system32\compattelrunner.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 78 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:44:35 AM | b9bad6c3-1969-4741-8b74-bbcf115d4227 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{0788222F-E646-4794-A266-79A7B4A40BE0}" instance of the "\Microsoft\Windows\Software Inventory Logging\Configuration" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 77 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:52 AM | 0788222f-e646-4794-a266-79a7b4a40be0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Software Inventory Logging\Configuration" , instance "{0788222F-E646-4794-A266-79A7B4A40BE0}" , action "%systemroot%\system32\cmd.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 76 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:52 AM | 0788222f-e646-4794-a266-79a7b4a40be0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\cmd.exe" in instance "{0788222F-E646-4794-A266-79A7B4A40BE0}" of task "\Microsoft\Windows\Software Inventory Logging\Configuration". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 75 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2840 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:47 AM | 0788222f-e646-4794-a266-79a7b4a40be0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{0788222F-E646-4794-A266-79A7B4A40BE0}" instance of the "\Microsoft\Windows\Software Inventory Logging\Configuration" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 74 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2840 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:47 AM | 0788222f-e646-4794-a266-79a7b4a40be0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Software Inventory Logging\Configuration" , instance "%systemroot%\system32\cmd.exe" with process ID 3944. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 73 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2840 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:47 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{0788222F-E646-4794-A266-79A7B4A40BE0}" instance of task "\Microsoft\Windows\Software Inventory Logging\Configuration" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 72 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2840 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:47 AM | 0788222f-e646-4794-a266-79a7b4a40be0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-811805-1\N-H1-811805-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 71 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:34 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{D43497CE-BF65-4895-9ACA-D3011B7C99EA}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 70 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | d43497ce-bf65-4895-9aca-d3011b7c99ea | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{D43497CE-BF65-4895-9ACA-D3011B7C99EA}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 69 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | d43497ce-bf65-4895-9aca-d3011b7c99ea | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{D43497CE-BF65-4895-9ACA-D3011B7C99EA}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 68 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | d43497ce-bf65-4895-9aca-d3011b7c99ea | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{D43497CE-BF65-4895-9ACA-D3011B7C99EA}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 67 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | d43497ce-bf65-4895-9aca-d3011b7c99ea | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "taskhostw.exe" with process ID 2712. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 66 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{9E8AE952-5E1A-46F5-878E-343606E93CAE}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 65 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | 9e8ae952-5e1a-46f5-878e-343606e93cae | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{9E8AE952-5E1A-46F5-878E-343606E93CAE}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 64 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | 9e8ae952-5e1a-46f5-878e-343606e93cae | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{9E8AE952-5E1A-46F5-878E-343606E93CAE}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 63 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | 9e8ae952-5e1a-46f5-878e-343606e93cae | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{9E8AE952-5E1A-46F5-878E-343606E93CAE}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 62 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | 9e8ae952-5e1a-46f5-878e-343606e93cae | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 2760. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 61 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{587F893A-3C90-4F3F-81DA-AE3E8775631F}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 60 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | 587f893a-3c90-4f3f-81da-ae3e8775631f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{587F893A-3C90-4F3F-81DA-AE3E8775631F}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 59 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | 587f893a-3c90-4f3f-81da-ae3e8775631f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{587F893A-3C90-4F3F-81DA-AE3E8775631F}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 58 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | 587f893a-3c90-4f3f-81da-ae3e8775631f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{587F893A-3C90-4F3F-81DA-AE3E8775631F}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 57 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | 587f893a-3c90-4f3f-81da-ae3e8775631f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 2424. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 56 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:26 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{8C530232-1CF7-4A1C-AFC2-E9418F1C492A}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 55 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 8c530232-1cf7-4a1c-afc2-e9418f1c492a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{8C530232-1CF7-4A1C-AFC2-E9418F1C492A}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 54 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 8c530232-1cf7-4a1c-afc2-e9418f1c492a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{8C530232-1CF7-4A1C-AFC2-E9418F1C492A}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 53 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 8c530232-1cf7-4a1c-afc2-e9418f1c492a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{8C530232-1CF7-4A1C-AFC2-E9418F1C492A}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 52 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 8c530232-1cf7-4a1c-afc2-e9418f1c492a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "taskhostw.exe" with process ID 4776. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 51 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1748 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{297007DB-EAE6-42E9-95C3-5F43EA3C4DC5}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 50 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 297007db-eae6-42e9-95c3-5f43ea3c4dc5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{297007DB-EAE6-42E9-95C3-5F43EA3C4DC5}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 49 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 297007db-eae6-42e9-95c3-5f43ea3c4dc5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{297007DB-EAE6-42E9-95C3-5F43EA3C4DC5}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 48 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 297007db-eae6-42e9-95c3-5f43ea3c4dc5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{297007DB-EAE6-42E9-95C3-5F43EA3C4DC5}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 47 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 297007db-eae6-42e9-95c3-5f43ea3c4dc5 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 4748. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 46 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2848 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{0924C739-5606-41AA-A204-EDA45F99636C}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 45 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 0924c739-5606-41aa-a204-eda45f99636c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{0924C739-5606-41AA-A204-EDA45F99636C}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 44 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 0924c739-5606-41aa-a204-eda45f99636c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{0924C739-5606-41AA-A204-EDA45F99636C}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 43 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 0924c739-5606-41aa-a204-eda45f99636c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{0924C739-5606-41AA-A204-EDA45F99636C}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 42 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | 0924c739-5606-41aa-a204-eda45f99636c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 4692. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 41 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:43:16 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{801997C6-AA7B-494F-B513-9AE20CC5111E}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 40 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 801997c6-aa7b-494f-b513-9ae20cc5111e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{801997C6-AA7B-494F-B513-9AE20CC5111E}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 39 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 801997c6-aa7b-494f-b513-9ae20cc5111e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{03F701E1-7DD0-4505-A316-56D0B859C0FD}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 38 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 03f701e1-7dd0-4505-a316-56d0b859c0fd | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{03F701E1-7DD0-4505-A316-56D0B859C0FD}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 37 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 03f701e1-7dd0-4505-a316-56d0b859c0fd | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{CE12C383-326A-4112-A912-A5AF9460BF62}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 36 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | ce12c383-326a-4112-a912-a5af9460bf62 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{CE12C383-326A-4112-A912-A5AF9460BF62}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 35 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | ce12c383-326a-4112-a912-a5af9460bf62 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{CE12C383-326A-4112-A912-A5AF9460BF62}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 34 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2224 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | ce12c383-326a-4112-a912-a5af9460bf62 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{CE12C383-326A-4112-A912-A5AF9460BF62}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 33 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2224 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | ce12c383-326a-4112-a912-a5af9460bf62 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{6AE5054C-641E-473D-9705-E9372F5C03F0}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 32 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 6ae5054c-641e-473d-9705-e9372f5c03f0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{6AE5054C-641E-473D-9705-E9372F5C03F0}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 31 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 6ae5054c-641e-473d-9705-e9372f5c03f0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{13067424-9B9C-40EC-821C-B533BB752BDA}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 30 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 13067424-9b9c-40ec-821c-b533bb752bda | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{13067424-9B9C-40EC-821C-B533BB752BDA}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 29 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 13067424-9b9c-40ec-821c-b533bb752bda | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{6AE5054C-641E-473D-9705-E9372F5C03F0}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 28 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 3564 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 6ae5054c-641e-473d-9705-e9372f5c03f0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{6AE5054C-641E-473D-9705-E9372F5C03F0}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 27 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 3564 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 6ae5054c-641e-473d-9705-e9372f5c03f0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{15C43560-5246-448D-B8D9-2D7C3488B26E}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 26 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 15c43560-5246-448d-b8d9-2d7c3488b26e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{15C43560-5246-448D-B8D9-2D7C3488B26E}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 25 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 15c43560-5246-448d-b8d9-2d7c3488b26e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{52C543C7-89DC-465B-A4B9-BC45BD943D43}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 24 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 52c543c7-89dc-465b-a4b9-bc45bd943d43 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{52C543C7-89DC-465B-A4B9-BC45BD943D43}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 23 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 52c543c7-89dc-465b-a4b9-bc45bd943d43 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{15C43560-5246-448D-B8D9-2D7C3488B26E}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 22 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 3560 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 15c43560-5246-448d-b8d9-2d7c3488b26e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{15C43560-5246-448D-B8D9-2D7C3488B26E}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 21 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 3560 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:58 AM | 15c43560-5246-448d-b8d9-2d7c3488b26e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{801997C6-AA7B-494F-B513-9AE20CC5111E}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 20 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:57 AM | 801997c6-aa7b-494f-b513-9ae20cc5111e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{801997C6-AA7B-494F-B513-9AE20CC5111E}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 19 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:57 AM | 801997c6-aa7b-494f-b513-9ae20cc5111e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{801997C6-AA7B-494F-B513-9AE20CC5111E}" instance of task "\Microsoft\Windows\CertificateServicesClient\SystemTask" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 18 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:57 AM | 801997c6-aa7b-494f-b513-9ae20cc5111e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{C3D4FD4D-6B56-4D7B-9D56-078F9035976C}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 17 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:55 AM | c3d4fd4d-6b56-4d7b-9d56-078f9035976c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{C3D4FD4D-6B56-4D7B-9D56-078F9035976C}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 16 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 1936 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:55 AM | c3d4fd4d-6b56-4d7b-9d56-078f9035976c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler queued instance "{15C43560-5246-448D-B8D9-2D7C3488B26E}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" and will launch it as soon as instance "{52C543C7-89DC-465B-A4B9-BC45BD943D43}" completes. | 324 | 0 | | 3 | 324 | 0 | -9223372036854775808 | 15 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2716 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:51 AM | 15c43560-5246-448d-b8d9-2d7c3488b26e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Launch request queued, instance already running | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{C3D4FD4D-6B56-4D7B-9D56-078F9035976C}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 14 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:51 AM | c3d4fd4d-6b56-4d7b-9d56-078f9035976c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{C3D4FD4D-6B56-4D7B-9D56-078F9035976C}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 13 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2968 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:51 AM | c3d4fd4d-6b56-4d7b-9d56-078f9035976c | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{52C543C7-89DC-465B-A4B9-BC45BD943D43}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 12 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2644 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:51 AM | 52c543c7-89dc-465b-a4b9-bc45bd943d43 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{52C543C7-89DC-465B-A4B9-BC45BD943D43}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 11 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2644 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:51 AM | 52c543c7-89dc-465b-a4b9-bc45bd943d43 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler queued instance "{CE12C383-326A-4112-A912-A5AF9460BF62}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance" and will launch it as soon as instance "{13067424-9B9C-40EC-821C-B533BB752BDA}" completes. | 324 | 0 | | 3 | 324 | 0 | -9223372036854775808 | 10 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2988 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:51 AM | ce12c383-326a-4112-a912-a5af9460bf62 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Launch request queued, instance already running | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler queued instance "{6AE5054C-641E-473D-9705-E9372F5C03F0}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance" and will launch it as soon as instance "{13067424-9B9C-40EC-821C-B533BB752BDA}" completes. | 324 | 0 | | 3 | 324 | 0 | -9223372036854775808 | 9 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2988 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:51 AM | 6ae5054c-641e-473d-9705-e9372f5c03f0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Launch request queued, instance already running | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{03F701E1-7DD0-4505-A316-56D0B859C0FD}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 8 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2644 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:51 AM | 03f701e1-7dd0-4505-a316-56d0b859c0fd | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{03F701E1-7DD0-4505-A316-56D0B859C0FD}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 7 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2644 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:51 AM | 03f701e1-7dd0-4505-a316-56d0b859c0fd | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\compattelrunner.exe" in instance "{B9BAD6C3-1969-4741-8B74-BBCF115D4227}" of task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 6 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2764 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:48 AM | b9bad6c3-1969-4741-8b74-bbcf115d4227 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{B9BAD6C3-1969-4741-8B74-BBCF115D4227}" instance of the "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 5 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2764 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:48 AM | b9bad6c3-1969-4741-8b74-bbcf115d4227 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" , instance "%windir%\system32\compattelrunner.exe" with process ID 2752. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2764 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:48 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{13067424-9B9C-40EC-821C-B533BB752BDA}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 3 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2988 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:48 AM | 13067424-9b9c-40ec-821c-b533bb752bda | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{13067424-9B9C-40EC-821C-B533BB752BDA}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 2 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2988 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:48 AM | 13067424-9b9c-40ec-821c-b533bb752bda | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 2928. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1328 | 2988 | n-h1-811805-1.cbci-811805-1.local | S-1-5-18 | 9/30/2021 12:42:48 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |