| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| User "CBCI-858232-1\N-H2-858232-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 109 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2928 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 6:26:32 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{D1869B42-9E6F-4814-89D7-E67181265B4B}" instance of the "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 108 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2920 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 6:00:01 AM | d1869b42-9e6f-4814-89d7-e67181265b4b | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" , instance "{D1869B42-9E6F-4814-89D7-E67181265B4B}" , action "%SystemRoot%\System32\wsqmcons.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 107 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2920 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 6:00:01 AM | d1869b42-9e6f-4814-89d7-e67181265b4b | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%SystemRoot%\System32\wsqmcons.exe" in instance "{D1869B42-9E6F-4814-89D7-E67181265B4B}" of task "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 106 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2920 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 6:00:01 AM | d1869b42-9e6f-4814-89d7-e67181265b4b | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{D1869B42-9E6F-4814-89D7-E67181265B4B}" instance of the "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 105 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2920 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 6:00:01 AM | d1869b42-9e6f-4814-89d7-e67181265b4b | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" , instance "%SystemRoot%\System32\wsqmcons.exe" with process ID 4416. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 104 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2920 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 6:00:01 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{D1869B42-9E6F-4814-89D7-E67181265B4B}" instance of task "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" due to a time trigger condition. | 107 | 0 | | 4 | 107 | 0 | -9223372036854775808 | 103 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2920 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 6:00:01 AM | d1869b42-9e6f-4814-89d7-e67181265b4b | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered on scheduler | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-858232-1\N-H2-858232-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 102 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2864 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 5:56:31 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-858232-1\N-H2-858232-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 101 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 5:26:31 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{A4485B4F-40D9-4A90-AF40-6FF5B49C4FDE}" instance of the "\Microsoft\Windows\Autochk\Proxy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 100 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 5:06:01 AM | a4485b4f-40d9-4a90-af40-6ff5b49c4fde | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Autochk\Proxy" , instance "{A4485B4F-40D9-4A90-AF40-6FF5B49C4FDE}" , action "%windir%\system32\rundll32.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 99 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 5:06:01 AM | a4485b4f-40d9-4a90-af40-6ff5b49c4fde | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\rundll32.exe" in instance "{A4485B4F-40D9-4A90-AF40-6FF5B49C4FDE}" of task "\Microsoft\Windows\Autochk\Proxy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 98 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 5:06:01 AM | a4485b4f-40d9-4a90-af40-6ff5b49c4fde | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{A4485B4F-40D9-4A90-AF40-6FF5B49C4FDE}" instance of the "\Microsoft\Windows\Autochk\Proxy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 97 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 5:06:01 AM | a4485b4f-40d9-4a90-af40-6ff5b49c4fde | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Autochk\Proxy" , instance "%windir%\system32\rundll32.exe" with process ID 3784. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 96 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 5:06:01 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{A4485B4F-40D9-4A90-AF40-6FF5B49C4FDE}" instance of task "\Microsoft\Windows\Autochk\Proxy" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 95 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 5:06:01 AM | a4485b4f-40d9-4a90-af40-6ff5b49c4fde | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-858232-1\N-H2-858232-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 94 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2592 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:56:31 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "NT AUTHORITY\SYSTEM" updated Task Scheduler task "\Microsoft\Windows\WindowsUpdate\Scheduled Start" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 93 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2592 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:56:17 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{AACA5EF5-7F32-486B-A2FF-C262E3E3A389}" instance of the "\Microsoft\XblGameSave\XblGameSaveTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 92 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2864 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:36:00 AM | aaca5ef5-7f32-486b-a2ff-c262e3e3a389 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\XblGameSave\XblGameSaveTask" , instance "{AACA5EF5-7F32-486B-A2FF-C262E3E3A389}" , action "%windir%\System32\XblGameSaveTask.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 91 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2864 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:36:00 AM | aaca5ef5-7f32-486b-a2ff-c262e3e3a389 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\System32\XblGameSaveTask.exe" in instance "{AACA5EF5-7F32-486B-A2FF-C262E3E3A389}" of task "\Microsoft\XblGameSave\XblGameSaveTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 90 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2864 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:36:00 AM | aaca5ef5-7f32-486b-a2ff-c262e3e3a389 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{AACA5EF5-7F32-486B-A2FF-C262E3E3A389}" instance of the "\Microsoft\XblGameSave\XblGameSaveTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 89 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2864 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:36:00 AM | aaca5ef5-7f32-486b-a2ff-c262e3e3a389 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\XblGameSave\XblGameSaveTask" , instance "%windir%\System32\XblGameSaveTask.exe" with process ID 5008. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 88 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2864 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:36:00 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "System" disabled Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Resume On Boot" | 142 | 0 | | 4 | 142 | 0 | -9223372036854775808 | 87 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:31:00 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task disabled | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-858232-1\N-H2-858232-1$" updated Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 86 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:31:00 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{2BE89B28-AFD0-4A15-BF41-34273B9AB3FD}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 85 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:31:00 AM | 2be89b28-afd0-4a15-bf41-34273b9ab3fd | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" , instance "{2BE89B28-AFD0-4A15-BF41-34273B9AB3FD}" , action "%systemroot%\system32\usoclient.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 84 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:31:00 AM | 2be89b28-afd0-4a15-bf41-34273b9ab3fd | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "System" updated Task Scheduler task "\Microsoft\Windows\UpdateOrchestrator\Resume On Boot" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 83 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:31:00 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{B31FDABD-AE45-491F-9386-7828FCCBC7D4}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 82 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:30:59 AM | b31fdabd-ae45-491f-9386-7828fccbc7d4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{B31FDABD-AE45-491F-9386-7828FCCBC7D4}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 81 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:30:59 AM | b31fdabd-ae45-491f-9386-7828fccbc7d4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\usoclient.exe" in instance "{2BE89B28-AFD0-4A15-BF41-34273B9AB3FD}" of task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 80 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:30:59 AM | 2be89b28-afd0-4a15-bf41-34273b9ab3fd | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{2BE89B28-AFD0-4A15-BF41-34273B9AB3FD}" instance of the "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 79 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:30:59 AM | 2be89b28-afd0-4a15-bf41-34273b9ab3fd | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" , instance "%systemroot%\system32\usoclient.exe" with process ID 3104. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 78 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:30:59 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{B31FDABD-AE45-491F-9386-7828FCCBC7D4}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 77 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:30:59 AM | b31fdabd-ae45-491f-9386-7828fccbc7d4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{B31FDABD-AE45-491F-9386-7828FCCBC7D4}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 76 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:30:59 AM | b31fdabd-ae45-491f-9386-7828fccbc7d4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 2932. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 75 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:30:59 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler could not launch task "\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" as scheduled. Instance "{2BE89B28-AFD0-4A15-BF41-34273B9AB3FD}" is started now as required by the configuration option to start the task when available, if schedule is missed. | 114 | 0 | | 3 | 114 | 0 | -9223372036854775808 | 74 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:30:59 AM | 2be89b28-afd0-4a15-bf41-34273b9ab3fd | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Missed task started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler could not launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" as scheduled. Instance "{B31FDABD-AE45-491F-9386-7828FCCBC7D4}" is started now as required by the configuration option to start the task when available, if schedule is missed. | 114 | 0 | | 3 | 114 | 0 | -9223372036854775808 | 73 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:30:59 AM | b31fdabd-ae45-491f-9386-7828fccbc7d4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Missed task started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{5683AFC0-909E-4A9F-A72C-9D9A7C41E2A4}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 72 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2592 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:29:00 AM | 5683afc0-909e-4a9f-a72c-9d9a7c41e2a4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "{5683AFC0-909E-4A9F-A72C-9D9A7C41E2A4}" , action "%windir%\system32\wermgr.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 71 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2592 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:29:00 AM | 5683afc0-909e-4a9f-a72c-9d9a7c41e2a4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\wermgr.exe" in instance "{5683AFC0-909E-4A9F-A72C-9D9A7C41E2A4}" of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 70 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2592 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:29:00 AM | 5683afc0-909e-4a9f-a72c-9d9a7c41e2a4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{5683AFC0-909E-4A9F-A72C-9D9A7C41E2A4}" instance of the "\Microsoft\Windows\Windows Error Reporting\QueueReporting" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 69 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2592 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:29:00 AM | 5683afc0-909e-4a9f-a72c-9d9a7c41e2a4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" , instance "%windir%\system32\wermgr.exe" with process ID 3752. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 68 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2592 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:29:00 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{5683AFC0-909E-4A9F-A72C-9D9A7C41E2A4}" instance of task "\Microsoft\Windows\Windows Error Reporting\QueueReporting" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 67 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2592 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:29:00 AM | 5683afc0-909e-4a9f-a72c-9d9a7c41e2a4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-858232-1\N-H2-858232-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 66 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2592 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:28:32 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{6ACA5F1B-6192-4F80-B92D-263E184C0111}" instance of the "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 65 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:27:49 AM | 6aca5f1b-6192-4f80-b92d-263e184c0111 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" , instance "{6ACA5F1B-6192-4F80-B92D-263E184C0111}" , action "%windir%\system32\compattelrunner.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 64 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:27:49 AM | 6aca5f1b-6192-4f80-b92d-263e184c0111 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{3D987797-F87D-46A0-88C9-02B4E9D2E02A}" instance of the "\Microsoft\Windows\Software Inventory Logging\Configuration" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 63 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2920 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:27:00 AM | 3d987797-f87d-46a0-88c9-02b4e9d2e02a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Software Inventory Logging\Configuration" , instance "{3D987797-F87D-46A0-88C9-02B4E9D2E02A}" , action "%systemroot%\system32\cmd.exe" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 62 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2920 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:27:00 AM | 3d987797-f87d-46a0-88c9-02b4e9d2e02a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%systemroot%\system32\cmd.exe" in instance "{3D987797-F87D-46A0-88C9-02B4E9D2E02A}" of task "\Microsoft\Windows\Software Inventory Logging\Configuration". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 61 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:27:00 AM | 3d987797-f87d-46a0-88c9-02b4e9d2e02a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{3D987797-F87D-46A0-88C9-02B4E9D2E02A}" instance of the "\Microsoft\Windows\Software Inventory Logging\Configuration" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 60 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:27:00 AM | 3d987797-f87d-46a0-88c9-02b4e9d2e02a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Software Inventory Logging\Configuration" , instance "%systemroot%\system32\cmd.exe" with process ID 924. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 59 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:27:00 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{3D987797-F87D-46A0-88C9-02B4E9D2E02A}" instance of task "\Microsoft\Windows\Software Inventory Logging\Configuration" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 58 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:27:00 AM | 3d987797-f87d-46a0-88c9-02b4e9d2e02a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{276E7C3D-4D70-42C0-81D8-EC6B91158A0F}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 57 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | 276e7c3d-4d70-42c0-81d8-ec6b91158a0f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{276E7C3D-4D70-42C0-81D8-EC6B91158A0F}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 56 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | 276e7c3d-4d70-42c0-81d8-ec6b91158a0f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{276E7C3D-4D70-42C0-81D8-EC6B91158A0F}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 55 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | 276e7c3d-4d70-42c0-81d8-ec6b91158a0f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{276E7C3D-4D70-42C0-81D8-EC6B91158A0F}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 54 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | 276e7c3d-4d70-42c0-81d8-ec6b91158a0f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 3112. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 53 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{FDD56398-AC41-4253-A259-2601915F4826}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 52 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2284 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | fdd56398-ac41-4253-a259-2601915f4826 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{FDD56398-AC41-4253-A259-2601915F4826}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 51 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2284 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | fdd56398-ac41-4253-a259-2601915f4826 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{B2A8FB51-B722-43A7-848A-DE3FB6E7734A}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 50 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2284 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | b2a8fb51-b722-43a7-848a-de3fb6e7734a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{B2A8FB51-B722-43A7-848A-DE3FB6E7734A}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 49 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2284 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | b2a8fb51-b722-43a7-848a-de3fb6e7734a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{B2A8FB51-B722-43A7-848A-DE3FB6E7734A}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 48 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | b2a8fb51-b722-43a7-848a-de3fb6e7734a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{B2A8FB51-B722-43A7-848A-DE3FB6E7734A}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 47 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | b2a8fb51-b722-43a7-848a-de3fb6e7734a | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{FDD56398-AC41-4253-A259-2601915F4826}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 46 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | fdd56398-ac41-4253-a259-2601915f4826 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{FDD56398-AC41-4253-A259-2601915F4826}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 45 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | fdd56398-ac41-4253-a259-2601915f4826 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 3788. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 44 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:45 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| User "CBCI-858232-1\N-H2-858232-1$" updated Task Scheduler task "\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" | 140 | 0 | | 4 | 140 | 0 | -9223372036854775808 | 43 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:40 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task registration updated | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{5F18C4D2-B736-44AF-A939-3E16B364220F}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 42 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | 5f18c4d2-b736-44af-a939-3e16b364220f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{5F18C4D2-B736-44AF-A939-3E16B364220F}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 41 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | 5f18c4d2-b736-44af-a939-3e16b364220f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{5F18C4D2-B736-44AF-A939-3E16B364220F}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 40 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | 5f18c4d2-b736-44af-a939-3e16b364220f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{5F18C4D2-B736-44AF-A939-3E16B364220F}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 39 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | 5f18c4d2-b736-44af-a939-3e16b364220f | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 3940. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 38 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{C6BFC292-CDD5-420A-A1B7-45C1671AF22D}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 37 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2928 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | c6bfc292-cdd5-420a-a1b7-45c1671af22d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{C6BFC292-CDD5-420A-A1B7-45C1671AF22D}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 36 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2928 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | c6bfc292-cdd5-420a-a1b7-45c1671af22d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{C6BFC292-CDD5-420A-A1B7-45C1671AF22D}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 35 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2928 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | c6bfc292-cdd5-420a-a1b7-45c1671af22d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{C6BFC292-CDD5-420A-A1B7-45C1671AF22D}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 34 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2928 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | c6bfc292-cdd5-420a-a1b7-45c1671af22d | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "taskhostw.exe" with process ID 3408. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 33 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2928 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{E8FB2991-90B9-4225-9822-D9BC09961888}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 32 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | e8fb2991-90b9-4225-9822-d9bc09961888 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{E8FB2991-90B9-4225-9822-D9BC09961888}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 31 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | e8fb2991-90b9-4225-9822-d9bc09961888 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{E8FB2991-90B9-4225-9822-D9BC09961888}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 30 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | e8fb2991-90b9-4225-9822-d9bc09961888 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{E8FB2991-90B9-4225-9822-D9BC09961888}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 29 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | e8fb2991-90b9-4225-9822-d9bc09961888 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 3120. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 28 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:35 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{D36303FF-8189-426B-8333-ADF01F20C411}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 27 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:10 AM | d36303ff-8189-426b-8333-adf01f20c411 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{D36303FF-8189-426B-8333-ADF01F20C411}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 26 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:10 AM | d36303ff-8189-426b-8333-adf01f20c411 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{D36303FF-8189-426B-8333-ADF01F20C411}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 25 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:10 AM | d36303ff-8189-426b-8333-adf01f20c411 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{D36303FF-8189-426B-8333-ADF01F20C411}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 24 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:10 AM | d36303ff-8189-426b-8333-adf01f20c411 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "taskhostw.exe" with process ID 4052. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 23 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:10 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched "{D36303FF-8189-426B-8333-ADF01F20C411}" instance of task "\Microsoft\Windows\CertificateServicesClient\SystemTask" due to system startup. | 118 | 0 | | 4 | 118 | 0 | -9223372036854775808 | 22 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:10 AM | d36303ff-8189-426b-8333-adf01f20c411 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Task triggered by computer startup | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{3749505D-A51F-4134-8CF9-B197E367BF8E}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 21 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:10 AM | 3749505d-a51f-4134-8cf9-b197e367bf8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\CertificateServicesClient\SystemTask" , instance "{3749505D-A51F-4134-8CF9-B197E367BF8E}" , action "Certificate Services Client Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 20 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:10 AM | 3749505d-a51f-4134-8cf9-b197e367bf8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{7D5F05A0-D785-46DE-828B-135C23631F8E}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 19 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:09 AM | 7d5f05a0-d785-46de-828b-135c23631f8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\Plug and Play\Device Install Group Policy" , instance "{7D5F05A0-D785-46DE-828B-135C23631F8E}" , action "Device Installation Group Policy Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 18 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:09 AM | 7d5f05a0-d785-46de-828b-135c23631f8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{28130258-E772-4FAE-8341-EA570EE6D1E4}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 17 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:09 AM | 28130258-e772-4fae-8341-ea570ee6d1e4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{28130258-E772-4FAE-8341-EA570EE6D1E4}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 16 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2828 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:09 AM | 28130258-e772-4fae-8341-ea570ee6d1e4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{28130258-E772-4FAE-8341-EA570EE6D1E4}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 15 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 3736 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:09 AM | 28130258-e772-4fae-8341-ea570ee6d1e4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{28130258-E772-4FAE-8341-EA570EE6D1E4}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 14 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 3736 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:09 AM | 28130258-e772-4fae-8341-ea570ee6d1e4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully finished "{54503328-AFAA-4C4E-96EA-0B14113C9702}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 102 | 0 | | 4 | 102 | 2 | -9223372036854775807 | 13 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:09 AM | 54503328-afaa-4c4e-96ea-0b14113c9702 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Task completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler successfully completed task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "{54503328-AFAA-4C4E-96EA-0B14113C9702}" , action "TPM Maintenance Task Handler" with return code 0. | 201 | 2 | | 4 | 201 | 2 | -9223372036854775808 | 12 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1868 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:09 AM | 54503328-afaa-4c4e-96ea-0b14113c9702 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Stop | Action completed | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler queued instance "{28130258-E772-4FAE-8341-EA570EE6D1E4}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance" and will launch it as soon as instance "{54503328-AFAA-4C4E-96EA-0B14113C9702}" completes. | 324 | 0 | | 3 | 324 | 0 | -9223372036854775808 | 11 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1584 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:04 AM | 28130258-e772-4fae-8341-ea570ee6d1e4 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Warning | Info | Launch request queued, instance already running | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Device Installation Group Policy Task Handler" in instance "{7D5F05A0-D785-46DE-828B-135C23631F8E}" of task "\Microsoft\Windows\Plug and Play\Device Install Group Policy". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 10 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:04 AM | 7d5f05a0-d785-46de-828b-135c23631f8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{7D5F05A0-D785-46DE-828B-135C23631F8E}" instance of the "\Microsoft\Windows\Plug and Play\Device Install Group Policy" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 9 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:04 AM | 7d5f05a0-d785-46de-828b-135c23631f8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "Certificate Services Client Task Handler" in instance "{3749505D-A51F-4134-8CF9-B197E367BF8E}" of task "\Microsoft\Windows\CertificateServicesClient\SystemTask". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 8 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:04 AM | 3749505d-a51f-4134-8cf9-b197e367bf8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{3749505D-A51F-4134-8CF9-B197E367BF8E}" instance of the "\Microsoft\Windows\CertificateServicesClient\SystemTask" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 7 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2168 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:04 AM | 3749505d-a51f-4134-8cf9-b197e367bf8e | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "%windir%\system32\compattelrunner.exe" in instance "{6ACA5F1B-6192-4F80-B92D-263E184C0111}" of task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 6 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1836 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:01 AM | 6aca5f1b-6192-4f80-b92d-263e184c0111 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{6ACA5F1B-6192-4F80-B92D-263E184C0111}" instance of the "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 5 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1836 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:01 AM | 6aca5f1b-6192-4f80-b92d-263e184c0111 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" , instance "%windir%\system32\compattelrunner.exe" with process ID 2148. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 1836 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:01 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launched action "TPM Maintenance Task Handler" in instance "{54503328-AFAA-4C4E-96EA-0B14113C9702}" of task "\Microsoft\Windows\TPM\Tpm-Maintenance". | 200 | 1 | | 4 | 200 | 1 | -9223372036854775808 | 3 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2916 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:01 AM | 54503328-afaa-4c4e-96ea-0b14113c9702 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Action started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler started "{54503328-AFAA-4C4E-96EA-0B14113C9702}" instance of the "\Microsoft\Windows\TPM\Tpm-Maintenance" task for user "NT AUTHORITY\SYSTEM". | 100 | 0 | | 4 | 100 | 1 | -9223372036854775807 | 2 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2916 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:01 AM | 54503328-afaa-4c4e-96ea-0b14113c9702 | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Start | Task Started | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Task Scheduler launch task "\Microsoft\Windows\TPM\Tpm-Maintenance" , instance "taskhostw.exe" with process ID 2980. | 129 | 0 | | 4 | 129 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-TaskScheduler | de7b24ea-73c8-4a09-985d-5bdadcfa9017 | Microsoft-Windows-TaskScheduler/Operational | 1440 | 2916 | n-h2-858232-1.cbci-858232-1.local | S-1-5-18 | 9/17/2022 4:26:01 AM | | | microsoft-windows-taskscheduler/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Created Task Process | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |