| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Task Scheduler successfully finished "{736EC416-6FFC-48D9-A936-4B304EB1E2AF}" instance of the "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 109 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2932 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 6:00:01 PM | 736ec416-6ffc-48d9-a936-4b304eb1e2af | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" , instance "{736EC416-6FFC-48D9-A936-4B304EB1E2AF}" , action "%SystemRoot%\System32\wsqmcons.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 108 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2932 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 6:00:01 PM | 736ec416-6ffc-48d9-a936-4b304eb1e2af | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%SystemRoot%\System32\wsqmcons.exe" in instance "{736EC416-6FFC-48D9-A936-4B304EB1E2AF}" of task "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 107 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2932 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 6:00:01 PM | 736ec416-6ffc-48d9-a936-4b304eb1e2af | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{736EC416-6FFC-48D9-A936-4B304EB1E2AF}" instance of the "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 106 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2932 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 6:00:01 PM | 736ec416-6ffc-48d9-a936-4b304eb1e2af | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" , instance "%SystemRoot%\System32\wsqmcons.exe" with process ID 3120. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 105 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2932 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 6:00:01 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{736EC416-6FFC-48D9-A936-4B304EB1E2AF}" instance of task "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" due to a time trigger condition. | 107 | 0 | | 4 | 107 | 0 | -9223372036854775808 | 104 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2932 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 6:00:01 PM | 736ec416-6ffc-48d9-a936-4b304eb1e2af | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered on scheduler | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-820531-6\N-H1-820531-6$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 103 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 5:45:05 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-820531-6\N-H1-820531-6$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 102 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2908 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 5:15:05 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{90A6A664-E3D8-4B3D-9D08-60C490422AA0}" instance of the "\Microsoft\Windows\Autochk\Proxy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 101 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1748 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:54:37 PM | 90a6a664-e3d8-4b3d-9d08-60c490422aa0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Autochk\Proxy" , instance "{90A6A664-E3D8-4B3D-9D08-60C490422AA0}" , action "%windir%\system32\rundll32.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 100 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1748 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:54:37 PM | 90a6a664-e3d8-4b3d-9d08-60c490422aa0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\rundll32.exe" in instance "{90A6A664-E3D8-4B3D-9D08-60C490422AA0}" of task "\Microsoft\Windows\Autochk\Proxy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 99 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:54:34 PM | 90a6a664-e3d8-4b3d-9d08-60c490422aa0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{90A6A664-E3D8-4B3D-9D08-60C490422AA0}" instance of the "\Microsoft\Windows\Autochk\Proxy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 98 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:54:34 PM | 90a6a664-e3d8-4b3d-9d08-60c490422aa0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Autochk\Proxy" , instance "%windir%\system32\rundll32.exe" with process ID 3380. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 97 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:54:34 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{90A6A664-E3D8-4B3D-9D08-60C490422AA0}" instance of task "\Microsoft\Windows\Autochk\Proxy" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 96 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:54:34 PM | 90a6a664-e3d8-4b3d-9d08-60c490422aa0 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "NT AUTHORITY\SYSTEM" updated Task Scheduler task "\Microsoft\Windows\WindowsUpdate\Scheduled Start" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 95 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:48:09 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-820531-6\N-H1-820531-6$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 94 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2908 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:45:05 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{AF17B291-BA7E-4D8D-9BF8-E62B1A549B79}" instance of the "\Microsoft\XblGameSave\XblGameSaveTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 93 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2908 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:24:34 PM | af17b291-ba7e-4d8d-9bf8-e62b1a549b79 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\XblGameSave\XblGameSaveTask" , instance "{AF17B291-BA7E-4D8D-9BF8-E62B1A549B79}" , action "%windir%\System32\XblGameSaveTask.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 92 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2908 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:24:34 PM | af17b291-ba7e-4d8d-9bf8-e62b1a549b79 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\System32\XblGameSaveTask.exe" in instance "{AF17B291-BA7E-4D8D-9BF8-E62B1A549B79}" of task "\Microsoft\XblGameSave\XblGameSaveTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 91 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2904 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:24:34 PM | af17b291-ba7e-4d8d-9bf8-e62b1a549b79 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{AF17B291-BA7E-4D8D-9BF8-E62B1A549B79}" instance of the "\Microsoft\XblGameSave\XblGameSaveTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 90 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2904 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:24:34 PM | af17b291-ba7e-4d8d-9bf8-e62b1a549b79 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\XblGameSave\XblGameSaveTask" , instance "%windir%\System32\XblGameSaveTask.exe" with process ID 3244. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 89 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2904 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:24:34 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "System" disabled Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Resume On Boot" | 142 | 0 | | 4 | 142 | 0 | -9223372036854775808 | 88 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:36 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task disabled | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-820531-6\N-H1-820531-6$" updated Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 87 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2880 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:35 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{C032A2C5-1F28-4FED-BAF1-DD3585150A68}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 86 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2880 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | c032a2c5-1f28-4fed-baf1-dd3585150a68 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" , instance "{C032A2C5-1F28-4FED-BAF1-DD3585150A68}" , action "%systemroot%\system32\usoclient.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 85 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2880 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | c032a2c5-1f28-4fed-baf1-dd3585150a68 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "System" updated Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Resume On Boot" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 84 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{8695F9EF-453C-4754-A65E-12F4C3C3031E}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 83 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2264 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | 8695f9ef-453c-4754-a65e-12f4c3c3031e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{8695F9EF-453C-4754-A65E-12F4C3C3031E}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 82 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2264 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | 8695f9ef-453c-4754-a65e-12f4c3c3031e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\usoclient.exe" in instance "{C032A2C5-1F28-4FED-BAF1-DD3585150A68}" of task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 81 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2264 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | c032a2c5-1f28-4fed-baf1-dd3585150a68 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{C032A2C5-1F28-4FED-BAF1-DD3585150A68}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 80 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2264 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | c032a2c5-1f28-4fed-baf1-dd3585150a68 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" , instance "%systemroot%\system32\usoclient.exe" with process ID 4008. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 79 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2264 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{8695F9EF-453C-4754-A65E-12F4C3C3031E}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 78 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | 8695f9ef-453c-4754-a65e-12f4c3c3031e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{8695F9EF-453C-4754-A65E-12F4C3C3031E}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 77 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | 8695f9ef-453c-4754-a65e-12f4c3c3031e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 5104. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 76 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler could not launch task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" as scheduled. Instance "{C032A2C5-1F28-4FED-BAF1-DD3585150A68}" is started now as required by the configuration option to start the task when available, if schedule is missed. | 114 | 0 | | 3 | 114 | 0 | -9223372036854775808 | 75 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2264 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | c032a2c5-1f28-4fed-baf1-dd3585150a68 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Missed task started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler could not launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" as scheduled. Instance "{8695F9EF-453C-4754-A65E-12F4C3C3031E}" is started now as required by the configuration option to start the task when available, if schedule is missed. | 114 | 0 | | 3 | 114 | 0 | -9223372036854775808 | 74 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:18:34 PM | 8695f9ef-453c-4754-a65e-12f4c3c3031e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Missed task started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{846CA78A-397C-478D-9607-6D0DF24BD735}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 73 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:17:35 PM | 846ca78a-397c-478d-9607-6d0df24bd735 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{846CA78A-397C-478D-9607-6D0DF24BD735}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 72 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:17:35 PM | 846ca78a-397c-478d-9607-6d0df24bd735 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{846CA78A-397C-478D-9607-6D0DF24BD735}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 71 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:17:35 PM | 846ca78a-397c-478d-9607-6d0df24bd735 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{846CA78A-397C-478D-9607-6D0DF24BD735}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 70 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:17:35 PM | 846ca78a-397c-478d-9607-6d0df24bd735 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 4088. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 69 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:17:35 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{846CA78A-397C-478D-9607-6D0DF24BD735}" instance of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 68 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:17:35 PM | 846ca78a-397c-478d-9607-6d0df24bd735 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-820531-6\N-H1-820531-6$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 67 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2564 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:17:06 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{5857183F-3B33-4546-A477-0E2C6B835237}" instance of the "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 66 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:16:24 PM | 5857183f-3b33-4546-a477-0e2c6b835237 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" , instance "{5857183F-3B33-4546-A477-0E2C6B835237}" , action "%windir%\system32\compattelrunner.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 65 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:16:24 PM | 5857183f-3b33-4546-a477-0e2c6b835237 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{445F381F-C4AB-42EA-A069-4068A57DC09F}" instance of the "\Microsoft\Windows\Software Inventory Logging\Configuration" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 64 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2908 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:35 PM | 445f381f-c4ab-42ea-a069-4068a57dc09f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Software Inventory Logging\Configuration" , instance "{445F381F-C4AB-42EA-A069-4068A57DC09F}" , action "%systemroot%\system32\cmd.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 63 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2908 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:35 PM | 445f381f-c4ab-42ea-a069-4068a57dc09f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\cmd.exe" in instance "{445F381F-C4AB-42EA-A069-4068A57DC09F}" of task "\Microsoft\Windows\Software Inventory Logging\Configuration". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 62 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2908 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:34 PM | 445f381f-c4ab-42ea-a069-4068a57dc09f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{445F381F-C4AB-42EA-A069-4068A57DC09F}" instance of the "\Microsoft\Windows\Software Inventory Logging\Configuration" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 61 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2908 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:34 PM | 445f381f-c4ab-42ea-a069-4068a57dc09f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Software Inventory Logging\Configuration" , instance "%systemroot%\system32\cmd.exe" with process ID 4360. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 60 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2908 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:34 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{445F381F-C4AB-42EA-A069-4068A57DC09F}" instance of task "\Microsoft\Windows\Software Inventory Logging\Configuration" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 59 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2908 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:34 PM | 445f381f-c4ab-42ea-a069-4068a57dc09f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{28B420F5-6C1A-41FF-86E5-908530443F5A}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 58 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2844 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | 28b420f5-6c1a-41ff-86e5-908530443f5a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{28B420F5-6C1A-41FF-86E5-908530443F5A}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 57 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2844 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | 28b420f5-6c1a-41ff-86e5-908530443f5a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{28B420F5-6C1A-41FF-86E5-908530443F5A}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 56 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2844 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | 28b420f5-6c1a-41ff-86e5-908530443f5a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{28B420F5-6C1A-41FF-86E5-908530443F5A}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 55 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2844 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | 28b420f5-6c1a-41ff-86e5-908530443f5a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 5052. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 54 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2844 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{DA145AF4-CEB5-44F0-99F3-3C9E5219DFAD}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 53 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2904 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | da145af4-ceb5-44f0-99f3-3c9e5219dfad | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{DA145AF4-CEB5-44F0-99F3-3C9E5219DFAD}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 52 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2904 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | da145af4-ceb5-44f0-99f3-3c9e5219dfad | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{DA145AF4-CEB5-44F0-99F3-3C9E5219DFAD}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 51 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2904 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | da145af4-ceb5-44f0-99f3-3c9e5219dfad | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{DA145AF4-CEB5-44F0-99F3-3C9E5219DFAD}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 50 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2904 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | da145af4-ceb5-44f0-99f3-3c9e5219dfad | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "taskhostw.exe" with process ID 5024. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 49 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2904 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{C95D6145-5423-42B9-9E92-277997DC1E82}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 48 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | c95d6145-5423-42b9-9e92-277997dc1e82 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{C95D6145-5423-42B9-9E92-277997DC1E82}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 47 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | c95d6145-5423-42b9-9e92-277997dc1e82 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{C95D6145-5423-42B9-9E92-277997DC1E82}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 46 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | c95d6145-5423-42b9-9e92-277997dc1e82 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{C95D6145-5423-42B9-9E92-277997DC1E82}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 45 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | c95d6145-5423-42b9-9e92-277997dc1e82 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 4976. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 44 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:19 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-820531-6\N-H1-820531-6$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 43 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2612 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:14 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{C964CCE6-ABAE-4329-A404-F2B038CDBB63}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 42 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | c964cce6-abae-4329-a404-f2b038cdbb63 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{C964CCE6-ABAE-4329-A404-F2B038CDBB63}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 41 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | c964cce6-abae-4329-a404-f2b038cdbb63 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{C964CCE6-ABAE-4329-A404-F2B038CDBB63}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 40 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | c964cce6-abae-4329-a404-f2b038cdbb63 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{C964CCE6-ABAE-4329-A404-F2B038CDBB63}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 39 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | c964cce6-abae-4329-a404-f2b038cdbb63 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "taskhostw.exe" with process ID 4132. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 38 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 1444 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{E75230AD-3A73-4C50-AD8C-902E2D80C490}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 37 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2612 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | e75230ad-3a73-4c50-ad8c-902e2d80c490 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{E75230AD-3A73-4C50-AD8C-902E2D80C490}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 36 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2612 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | e75230ad-3a73-4c50-ad8c-902e2d80c490 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{E75230AD-3A73-4C50-AD8C-902E2D80C490}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 35 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2612 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | e75230ad-3a73-4c50-ad8c-902e2d80c490 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{E75230AD-3A73-4C50-AD8C-902E2D80C490}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 34 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2612 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | e75230ad-3a73-4c50-ad8c-902e2d80c490 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 4104. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 33 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2612 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{A490DFC6-6114-4A30-BF83-3FA1043D1D8E}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 32 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | a490dfc6-6114-4a30-bf83-3fa1043d1d8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{A490DFC6-6114-4A30-BF83-3FA1043D1D8E}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 31 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | a490dfc6-6114-4a30-bf83-3fa1043d1d8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{A490DFC6-6114-4A30-BF83-3FA1043D1D8E}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 30 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | a490dfc6-6114-4a30-bf83-3fa1043d1d8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{A490DFC6-6114-4A30-BF83-3FA1043D1D8E}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 29 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | a490dfc6-6114-4a30-bf83-3fa1043d1d8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 3380. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 28 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:15:09 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{B8F005CD-2D1F-43C0-A0E5-5B93DC5176A1}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 27 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:45 PM | b8f005cd-2d1f-43c0-a0e5-5b93dc5176a1 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{B8F005CD-2D1F-43C0-A0E5-5B93DC5176A1}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 26 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:45 PM | b8f005cd-2d1f-43c0-a0e5-5b93dc5176a1 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{B8F005CD-2D1F-43C0-A0E5-5B93DC5176A1}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 25 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:45 PM | b8f005cd-2d1f-43c0-a0e5-5b93dc5176a1 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{B8F005CD-2D1F-43C0-A0E5-5B93DC5176A1}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 24 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:45 PM | b8f005cd-2d1f-43c0-a0e5-5b93dc5176a1 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 1832. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 23 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:45 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{B8F005CD-2D1F-43C0-A0E5-5B93DC5176A1}" instance of task "\Microsoft\Windows\CertificateServicesClient\SystemTask" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 22 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:45 PM | b8f005cd-2d1f-43c0-a0e5-5b93dc5176a1 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{82C8CCC6-961A-4923-8224-1740A980AF9A}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 21 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:44 PM | 82c8ccc6-961a-4923-8224-1740a980af9a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{82C8CCC6-961A-4923-8224-1740A980AF9A}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 20 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:44 PM | 82c8ccc6-961a-4923-8224-1740a980af9a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{4ED8CB21-E6D8-4EA6-8B5E-8B10E5B3D450}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 19 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:44 PM | 4ed8cb21-e6d8-4ea6-8b5e-8b10e5b3d450 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{4ED8CB21-E6D8-4EA6-8B5E-8B10E5B3D450}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 18 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:44 PM | 4ed8cb21-e6d8-4ea6-8b5e-8b10e5b3d450 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{4ED8CB21-E6D8-4EA6-8B5E-8B10E5B3D450}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 17 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2512 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:44 PM | 4ed8cb21-e6d8-4ea6-8b5e-8b10e5b3d450 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{4ED8CB21-E6D8-4EA6-8B5E-8B10E5B3D450}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 16 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2512 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:44 PM | 4ed8cb21-e6d8-4ea6-8b5e-8b10e5b3d450 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{E0A4DC16-8DF6-453C-96BD-8DA475AC6063}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 15 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:44 PM | e0a4dc16-8df6-453c-96bd-8da475ac6063 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{E0A4DC16-8DF6-453C-96BD-8DA475AC6063}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 14 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:44 PM | e0a4dc16-8df6-453c-96bd-8da475ac6063 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{43406B49-D67E-49CB-883A-59A74B014A06}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 13 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2832 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:44 PM | 43406b49-d67e-49cb-883a-59a74b014a06 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{43406B49-D67E-49CB-883A-59A74B014A06}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 12 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2832 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:44 PM | 43406b49-d67e-49cb-883a-59a74b014a06 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler queued instance "{4ED8CB21-E6D8-4EA6-8B5E-8B10E5B3D450}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance" and will launch it as soon as instance "{E0A4DC16-8DF6-453C-96BD-8DA475AC6063}" completes. | 324 | 0 | | 3 | 324 | 0 | -9223372036854775808 | 11 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2120 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:38 PM | 4ed8cb21-e6d8-4ea6-8b5e-8b10e5b3d450 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Launch request queued, instance already running | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{43406B49-D67E-49CB-883A-59A74B014A06}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 10 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2832 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:38 PM | 43406b49-d67e-49cb-883a-59a74b014a06 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{43406B49-D67E-49CB-883A-59A74B014A06}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 9 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2832 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:38 PM | 43406b49-d67e-49cb-883a-59a74b014a06 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{82C8CCC6-961A-4923-8224-1740A980AF9A}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 8 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2904 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:38 PM | 82c8ccc6-961a-4923-8224-1740a980af9a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{82C8CCC6-961A-4923-8224-1740A980AF9A}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 7 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2904 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:38 PM | 82c8ccc6-961a-4923-8224-1740a980af9a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\compattelrunner.exe" in instance "{5857183F-3B33-4546-A477-0E2C6B835237}" of task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 6 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2948 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:35 PM | 5857183f-3b33-4546-a477-0e2c6b835237 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{5857183F-3B33-4546-A477-0E2C6B835237}" instance of the "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 5 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2948 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:35 PM | 5857183f-3b33-4546-a477-0e2c6b835237 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" , instance "%windir%\system32\compattelrunner.exe" with process ID 3124. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2948 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:35 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{E0A4DC16-8DF6-453C-96BD-8DA475AC6063}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 3 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2844 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:35 PM | e0a4dc16-8df6-453c-96bd-8da475ac6063 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{E0A4DC16-8DF6-453C-96BD-8DA475AC6063}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 2 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2844 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:35 PM | e0a4dc16-8df6-453c-96bd-8da475ac6063 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 3096. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1388 | 2844 | n-h1-820531-6.cbci-820531-6.local | S-1-5-18 | 1/21/2022 4:14:35 PM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |