Scribd
Upload
427 views8 pages

WTF

-------------------------------------------------------------------------------- Start time: 2022-08-03 01:53:01Z Process: 39e4.1d8a6dbc34c3313 Command: /stub 1.1.18500.10 /payload 1.1.19400.3 /MpWUStub /program C:\Windows\SoftwareDistribution\Download\Install\AM_Engine_Patch_1.1.19200.6.exe Administrator: yes Version: 1.1.18500.10 ================================ ProductSearch ================================= Microsoft Windows Defender (RS1+):

Uploaded by

Megan Devine
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
427 views8 pages

WTF

-------------------------------------------------------------------------------- Start time: 2022-08-03 01:53:01Z Process: 39e4.1d8a6dbc34c3313 Command: /stub 1.1.18500.10 /payload 1.1.19400.3 /MpWUStub /program C:\Windows\SoftwareDistribution\Download\Install\AM_Engine_Patch_1.1.19200.6.exe Administrator: yes Version: 1.1.18500.10 ================================ ProductSearch ================================= Microsoft Windows Defender (RS1+):

Uploaded by

Megan Devine
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 8

Timestamp Process TID Area Category EventID Level Message

Correlation
07/31/2022 13:37:49.394 OFFICEC2 (0x58d4) 0x470 Orapi cpknf Medium
Successfully got the registry values
07/31/2022 13:37:49.394 OFFICEC2 (0x58d4) 0x470
OfficeTelemetry_RuleProcessing axbjw Medium
OTele_ETW_TDC_LoadingRulesStarted {"ETW_EventId": 119, "ETW_Keywords": 4}
07/31/2022 13:37:49.394 OFFICEC2 (0x58d4) 0x470 Activity bjtct Medium
ActivityStarted {"Name": "Office.Telemetry.LoadXmlRules", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.5.1", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.400 OFFICEC2 (0x58d4) 0x470 OfficeTelemetry_PerfMetrics
axbjw Medium RuleFieldNamesImpact {"ETW_EventId": 196, "ETW_Keywords":
128, "cbMemory": 2878, "count": 95}
07/31/2022 13:37:49.411 OFFICEC2 (0x58d4) 0x6578 Click-To-Run General
Telemetry aqkhc Medium InitLogging {"MachineId":
"d3a6101cb12ed847bf92647df31428cc", "SessionID": "51f7799b-3ef9-4233-b4fe-
49119ca59a0a", "GeoID": 244, "Ver": "0.0.0.0", "C2RClientVer": "16.0.15330.20260",
"ContextData":
"{\"AppVVersion\":\"10.0.22000.469\",\"Bitness\":\"64\",\"CommandLine\":\"/
frequentupdate SCHEDULEDTASK
displaylevel=False\",\"ExeVer\":\"16.0.15330.20260\",\"IntegrityLevel\":\"0x4000\",
\"Locale\":\"1033\",\"ModulePath\":\"C:\\\\Program Files\\\\Common Files\\\\
Microsoft Shared\\\\ClickToRun\\\\
OfficeC2RClient.exe\",\"OSVersion\":\"10.0\",\"ProcessType\":\"OfficeC2RClient\",\"
ProcessorArch\":\"9\",\"ProductType\":\"1\",\"SecuritySessionId\":\"0\"}"}
07/31/2022 13:37:49.411 OFFICEC2 (0x58d4) 0x6578 Activity bjtct Medium
ActivityStarted {"Name": "Office.ClickToRun.C2RClient", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.9", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.411 OFFICEC2 (0x58d4) 0x6578 Click-To-Run 8f5y1
Medium WaitForFlightInfo {"MachineId":
"d3a6101cb12ed847bf92647df31428cc", "SessionID": "51f7799b-3ef9-4233-b4fe-
49119ca59a0a", "GeoID": 244, "Ver": "0.0.0.0", "C2RClientVer": "16.0.15330.20260",
"ContextData": "{\"message\":\"Wait
complete\",\"timeSlept\":\"0\",\"gotFlights\":\"True\"}"}
07/31/2022 13:37:49.412 OFFICEC2 (0x58d4) 0x6578 Click-To-Run bhltg
Medium Core::GetFlightData {"MachineId":
"d3a6101cb12ed847bf92647df31428cc", "SessionID": "51f7799b-3ef9-4233-b4fe-
49119ca59a0a", "GeoID": 244, "Ver": "0.0.0.0", "C2RClientVer": "16.0.15330.20260",
"ContextData":
"{'flightIdentifier':'Microsoft.Office.Click2Run.UseOfficeHelperAddon','overrideVal
ue':'','flightData':'','returnValue':'unknown'}"}
07/31/2022 13:37:49.412 OFFICEC2 (0x58d4) 0x6578 Click-To-Run bhltg
Medium Core::GetFlightData {"MachineId":
"d3a6101cb12ed847bf92647df31428cc", "SessionID": "51f7799b-3ef9-4233-b4fe-
49119ca59a0a", "GeoID": 244, "Ver": "0.0.0.0", "C2RClientVer": "16.0.15330.20260",
"ContextData":
"{'flightIdentifier':'Microsoft.Office.Click2Run.UseOutlookShareAddon','overrideVal
ue':'','flightData':'','returnValue':'unknown'}"}
07/31/2022 13:37:49.412 OFFICEC2 (0x58d4) 0x6578 Click-To-Run bhltg
Medium Core::GetFlightData {"MachineId":
"d3a6101cb12ed847bf92647df31428cc", "SessionID": "51f7799b-3ef9-4233-b4fe-
49119ca59a0a", "GeoID": 244, "Ver": "0.0.0.0", "C2RClientVer": "16.0.15330.20260",
"ContextData":
"{'flightIdentifier':'Microsoft.Office.Click2Run.UseTeamsOnInstallConsumer','overri
deValue':'','flightData':'','returnValue':'unknown'}"}
07/31/2022 13:37:49.412 OFFICEC2 (0x58d4) 0x6578 Click-To-Run bhltg
Medium Core::GetFlightData {"MachineId":
"d3a6101cb12ed847bf92647df31428cc", "SessionID": "51f7799b-3ef9-4233-b4fe-
49119ca59a0a", "GeoID": 244, "Ver": "0.0.0.0", "C2RClientVer": "16.0.15330.20260",
"ContextData":
"{'flightIdentifier':'Microsoft.Office.Click2Run.UseTeamsOnUpdateConsumer','overrid
eValue':'','flightData':'','returnValue':'unknown'}"}
07/31/2022 13:37:49.413 OFFICEC2 (0x58d4) 0x6578 Click-To-Run cfbm2
Medium DoFrequentUpdates {"MachineId":
"d3a6101cb12ed847bf92647df31428cc", "SessionID": "51f7799b-3ef9-4233-b4fe-
49119ca59a0a", "GeoID": 244, "Ver": "16.0.15330.20264", "C2RClientVer":
"16.0.15330.20260", "ContextData": "{\"message\":\"Running frequent
updates\",\"hours\":\"24\"}"}
07/31/2022 13:37:49.414 OFFICEC2 (0x58d4) 0x6578 Click-To-Run b5k1x
Medium DoFrequentUpdates {"MachineId":
"d3a6101cb12ed847bf92647df31428cc", "SessionID": "51f7799b-3ef9-4233-b4fe-
49119ca59a0a", "GeoID": 244, "Ver": "16.0.15330.20264", "C2RClientVer":
"16.0.15330.20260", "ContextData": "{\"message\":\"Less than a day since last
update run, just trying to apply!\",\"time\":\"270099\"}"}
07/31/2022 13:37:49.415 OFFICEC2 (0x58d4) 0x6578 Click-To-Run azfea
Medium ::wWinMain {"MachineId": "d3a6101cb12ed847bf92647df31428cc",
"SessionID": "51f7799b-3ef9-4233-b4fe-49119ca59a0a", "GeoID": 244, "Ver":
"16.0.15330.20264", "C2RClientVer": "16.0.15330.20260", "ContextData": "ClientExe
complete. {'Action':'19','Result':'0'}"}
07/31/2022 13:37:49.415 OFFICEC2 (0x58d4) 0x6578 Activity bjtcw Medium
ActivityEnded {"Name": "Office.ClickToRun.C2RClient", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.9", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.415 OFFICEC2 (0x58d4) 0x6578 Activity bjtct Medium
ActivityStarted {"Name": "Office.Telemetry.DynamicConfig.FetchConfigs", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.418 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.1", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.418 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.2", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.418 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.3", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.419 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.4", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.419 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.5", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.419 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.6", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.420 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.7", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.420 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.8", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.420 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.9", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.420 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.10", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.424 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.11", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.425 OFFICEC2 (0x58d4) 0x470 Activity bjtco Medium
DroppedAggregatedActivity {"Name": "Office.Identity.GetBlockingService",
"CV": "aGZ5SHeoqUWqujQv+L2FGw.5.1.1", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.427 OFFICEC2 (0x58d4) 0x470 Activity bjtcw Medium
ActivityEnded {"Name": "Office.Telemetry.LoadXmlRules", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.5.1", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.427 OFFICEC2 (0x58d4) 0x470 Telemetry Event biyhq Medium
SendEvent {"EventName": "Office.Telemetry.LoadXmlRules", "Flags":
33777014401990913, "InternalSequenceNumber": 11, "Time": "2022-07-31T18:37:49Z",
"AriaTenantToken": "f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-
6afac5325183-7405", "Contract": "Office.System.Activity", "Activity.CV":
"aGZ5SHeoqUWqujQv+L2FGw.5.1", "Activity.Duration": 33241, "Activity.Count": 1,
"Activity.AggMode": 0, "Activity.Success": true, "Activity.Result.Code": 0,
"Activity.Result.Type": "HRESULT"}
07/31/2022 13:37:49.429 OFFICEC2 (0x58d4) 0x470 Activity bjtcw Medium
ActivityEnded {"Name": "Office.Telemetry.ProcessIdleQueueJob", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.5", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.429 OFFICEC2 (0x58d4) 0x470 Telemetry Event biyhq Medium
SendEvent {"EventName": "Office.Telemetry.ProcessIdleQueueJob", "Flags":
33777014401990913, "InternalSequenceNumber": 12, "Time": "2022-07-31T18:37:49Z",
"AriaTenantToken": "f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-
6afac5325183-7405", "Contract": "Office.System.Activity", "Activity.CV":
"aGZ5SHeoqUWqujQv+L2FGw.5", "Activity.Duration": 37438, "Activity.Count": 1,
"Activity.AggMode": 0, "Activity.Success": true}
07/31/2022 13:37:49.429 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.12", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.430 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.13", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.430 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.14", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.430 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.15", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.430 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.16", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.430 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.17", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.432 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.18", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.432 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.19", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.432 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.20", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.432 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.21", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.432 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.22", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.432 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.23", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.433 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.24", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.434 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.25", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.434 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.26", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.434 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.27", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.435 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.28", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.435 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.29", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.435 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.30", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.435 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.31", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.435 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.32", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.435 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.33", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.435 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.34", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.436 OFFICEC2 (0x58d4) 0x6578 Activity bjtco Medium
DroppedAggregatedActivity {"Name":
"Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10.35", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.436 OFFICEC2 (0x58d4) 0x6578 Activity bjtcw Medium
ActivityEnded {"Name": "Office.Telemetry.DynamicConfig.FetchConfigs", "CV":
"aGZ5SHeoqUWqujQv+L2FGw.10", "ProcessIdentifier":
"OfficeC2RClient.exe_16.0.15330.20260_X86_{48796668-A877-45A9-AABA-342FF8BD851B}"}
07/31/2022 13:37:49.436 OFFICEC2 (0x58d4) 0x6578 Telemetry Event biyhq
Medium SendEvent {"EventName":
"Office.Telemetry.DynamicConfig.FetchConfigs", "Flags": 33777014401990913,
"InternalSequenceNumber": 13, "Time": "2022-07-31T18:37:49Z", "AriaTenantToken":
"f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405",
"Contract": "Office.System.Activity", "Activity.CV": "aGZ5SHeoqUWqujQv+L2FGw.10",
"Activity.Duration": 20569, "Activity.Count": 1, "Activity.AggMode": 0,
"Activity.Success": true, "Data.RejectedConfigsList": "", "Data.ParsedConfigCount":
35, "Data.RejectedConfigCount": 0}
07/31/2022 13:37:49.436 OFFICEC2 (0x58d4) 0x6578 Telemetry Event bsq69
Monitorable Deactivated event detected. {"EventName":
"Office.Experimentation.LoadingFirstSessionCache", "IsFromRule": false}
07/31/2022 13:37:49.436 OFFICEC2 (0x58d4) 0x6578 Telemetry Event bsq69
Monitorable Deactivated event detected. {"EventName":
"Office.Licensing.Tenant.InitTenantId", "IsFromRule": false}
07/31/2022 13:37:49.436 OFFICEC2 (0x58d4) 0x6578 Telemetry Event biyhq
Medium SendEvent {"EventName": "Office.Telemetry.FlushEventBuffer",
"Flags": 33777014401991169, "InternalSequenceNumber": 14, "Time": "2022-07-
31T18:37:49Z", "AriaTenantToken": "f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-
4dc5-9dbb-6afac5325183-7405", "Data.FirstPassCount": 13, "Data.SecondPassCount": 0}
07/31/2022 13:37:49.438 OFFICEC2 (0x58d4) 0x6578 Telemetry Event biyhq
Medium SendEvent {"EventName":
"Office.Experimentation.FeatureQueryBatched", "Flags": 33777005812056321,
"InternalSequenceNumber": 15, "Time": "2022-07-31T18:37:49Z", "AriaTenantToken":
"e6e58d16cfb94942b795b4918258153a-765be17b-66ea-435e-8b55-5a128f3decd3-6873",
"Data.Sequence": 0, "Data.Count": 42, "Data.Features": "[ { \"ID\" :
37, \"N\" : \"Microsoft.Office.Click2Run.UseIsC2RXVirtualizationAPI\", \"V\" :
true, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3653365Z\", \"C\" : \"\",
\"Q\" : 11.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.TrackCPSWrites\", \"V\" : false, \"S\" :
1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3653365Z\", \"C\" : \"33\", \"Q\" :
5.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.CPSMaxWrites\", \"V\" : 2, \"S\" :
1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3653365Z\", \"C\" : \"33\", \"Q\" :
19.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.CrashPersistenceProcessList\", \"V\" : \"\
", \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3653365Z\", \"C\" : \"33\", \"Q\" : 4.0, \"M\" : 0, \"F\" : 5 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.Graphics.TestGate.EnableDirectXDebugLayer\", \"V\" :
false, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3653365Z\", \"C\" : \"33\", \"Q\" : 7.0, \"M\" : 0, \"F\" : 5 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.AirSpace.TestGate.UseWincompInAutomation\", \"V\" :
false, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3663756Z\", \"C\" : \"33\", \"Q\" : 4.0, \"M\" : 0, \"F\" : 5 },
{ \"ID\" : 37, \"N\" : \"Microsoft.Office.AirSpace.UseWincompInWin32\", \"V\" :
false, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3663756Z\", \"C\" : \"33\", \"Q\" : 1.0, \"M\" : 0, \"F\" : 5 },
{ \"ID\" : 37, \"N\" : \"Microsoft.Office.AirSpace.LogWinCompForSARA\", \"V\" :
true, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3663756Z\", \"C\" : \"\",
\"Q\" : 2.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.AirSpace.TestGate.UseHardwareDeviceInAutomation\", \
"V\" : false, \"S\" : 11, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3683677Z\", \"C\" : \"\", \"Q\" : 5.0, \"M\" : 0, \"F\" :
5, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Graphics.EnableWin32HardwareAcceleration\", \"V\" :
true, \"S\" : 11, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3683677Z\", \"C\" : \"39\", \"Q\" : 4.0, \"M\" : 0, \"F\" : 5 },
{ \"ID\" : 37, \"N\" : \"Microsoft.Office.Graphics.DrawGlyphPerfFixEnabled\", \"V\"
: true, \"S\" : 11, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3683677Z\", \"C\" : \"1\", \"Q\" : 3.0, \"M\" : 0, \"F\" : 5 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.Graphics.CompositionOnlyAdapterSupportEnabled\", \"V
\" : true, \"S\" : 11, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3707525Z\", \"C\" :
\"1\", \"Q\" : 7.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Graphics.ChangeGate.CheckDXGIAdapterSoftwareFlag\",
\"V\" : true, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3763489Z\", \"C\"
: \"\", \"Q\" : 4.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.AirSpace.BlockedGraphicsAdapterCount\", \"V\" :
0, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3773458Z\", \"C\" : \"33\", \"Q\" : 21.0, \"M\" : 0, \"F\" : 5 },
{ \"ID\" : 37, \"N\" : \"Microsoft.Office.Telemetry.DisableTelemetry\", \"V\" :
false, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3863220Z\", \"C\" : \"33\", \"Q\" : 3.0, \"M\" : 0, \"F\" : 5 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.ShouldExcludeAllUnknownAppIds\", \"V\" :
true, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3863220Z\", \"C\" : \"\",
\"Q\" : 3.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.AriaAdditionalProcessExclusionList\", \"V\
" : \"\", \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3863220Z\", \"C\" : \"33\", \"Q\" : 6.0, \"M\" : 0, \"F\" : 5 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.EnableAllAppIdsFor1DS\", \"V\" :
true, \"S\" : 0, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3863220Z\", \"C\" : \"\",
\"Q\" : 1.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.UXPlatform.UIColor.ShouldReduceColorTableRebuilds\",
\"V\" : true, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3873175Z\", \"C\"
: \"\", \"Q\" : 3.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.ULSQueueSizeInKilobytes\", \"V\" :
5120, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3913067Z\", \"C\" : \"33\", \"Q\" : 14.0, \"M\" : 0, \"F\" : 5 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.Experimentation.UsePersistentInternalConfig\", \"V\"
: false, \"S\" : 11, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3923065Z\", \"C\" : \"\", \"Q\" : 4.0, \"M\" : 0, \"F\" :
5, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Experimentation.FeatureQueryLogger.EnableStaticLoggi
ng\", \"V\" : true, \"S\" : 0, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3923065Z\",
\"C\" : \"\", \"Q\" : 2.0, \"M\" : 0, \"F\" : 52, \"G\" : \"Opt\" }, { \"ID\" : 37,
\"N\" : \"Microsoft.Office.Telemetry.Sampling.NumberlinePosition\", \"V\" :
200, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3933018Z\", \"C\" : \"33\", \"Q\" : 15.0, \"M\" : 0, \"F\" : 52 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.Sampling.SamplingRatePerTenThousand\", \"V
\" : 200, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3933018Z\", \"C\" : \"33\", \"Q\" : 4.0, \"M\" : 0, \"F\" : 52 },
{ \"ID\" : 37, \"N\" : \"Microsoft.Office.Telemetry.ExcludeFromSampling\", \"V\" :
false, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3933018Z\", \"C\" : \"1\", \"Q\" : 16.0, \"M\" : 0, \"F\" : 52 },
{ \"ID\" : 37, \"N\" : \"Microsoft.Office.Telemetry.PrivacyGuardVerbose\", \"V\" :
false, \"S\" : 11, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3933018Z\", \"C\" : \"\", \"Q\" : 5.0, \"M\" : 0, \"F\" :
52, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.PrivacyGuard\", \"V\" : false, \"S\" : 11,
\"P\" : 0, \"T\" : \"2022-07-31T18:37:49.3933018Z\", \"C\" : \"\", \"Q\" :
2.0, \"M\" : 0, \"F\" : 52, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Accessibility.Telemetry.SurfaceRegistration\", \"V\"
: true, \"S\" : 11, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3933018Z\", \"C\" : \"39\", \"Q\" : 5.0, \"M\" : 0, \"F\" : 52 },
{ \"ID\" : 37, \"N\" : \"Microsoft.Office.SharedText.CustomCloudFonts\", \"V\" :
false, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.3933018Z\", \"C\" : \"33\", \"Q\" : 1.0, \"M\" : 0, \"F\" : 52 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.Identity.TelemetryRegionEnabled\", \"V\" :
false, \"S\" : 11, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.4022812Z\", \"C\" : \"\", \"Q\" : 4.0, \"M\" : 0, \"F\" :
52, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Click2Run.RemoveRawHtmlDuringCleaning\", \"V\" :
true, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.4102558Z\", \"C\" : \"\",
\"Q\" : 4.0, \"M\" : 0, \"F\" : 52, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Click2Run.UseOfficeHelperAddon\", \"V\" : \"\", \"S\
" : 1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.4112531Z\", \"C\" : \"33\", \"Q\" :
8.0, \"M\" : 0, \"F\" : 52 }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Click2Run.UseOutlookShareAddon\", \"V\" : \"\", \"S\
" : 1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.4122505Z\", \"C\" : \"33\", \"Q\" :
5.0, \"M\" : 0, \"F\" : 52 }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Click2Run.UseTeamsOnInstallConsumer\", \"V\" : \"\",
\"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.4124744Z\", \"C\" : \"33\", \"Q\" : 21.0, \"M\" : 0, \"F\" : 52 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.Click2Run.UseTeamsOnUpdateConsumer\", \"V\" : \"\",
\"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.4124744Z\", \"C\" : \"33\", \"Q\" : 3.0, \"M\" : 0, \"F\" : 52 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.Identity.TestGate.EnableLoggingAppGenericIdRequest\"
, \"V\" : false, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.4124744Z\", \"C\" : \"37\", \"Q\" : 5.0, \"M\" : 0, \"F\" : 52 },
{ \"ID\" :
37, \"N\" : \"Microsoft.Office.Click2Run.FrequentUpdateTimeBufferInHours\", \"V\" :
24, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.4124744Z\", \"C\" : \"33\",
\"Q\" : 18.0, \"M\" : 0, \"F\" : 52 }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.EnableDirectCallsForMetadata\", \"V\" :
true, \"S\" : 1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.4153132Z\", \"C\" : \"\",
\"Q\" : 3.0, \"M\" : 0, \"F\" : 52, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.EnableUserTelemetryAuthCalls\", \"V\" :
false, \"S\" : 0, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.4153132Z\", \"C\" : \"\", \"Q\" : 2.0, \"M\" : 0, \"F\" :
52, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.CCCO\", \"V\" : true, \"S\" : 0, \"P\" :
0, \"T\" : \"2022-07-31T18:37:49.4361876Z\", \"C\" : \"33\", \"Q\" : 3.0, \"M\" :
0, \"F\" : 52 }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.InsidersSampling\", \"V\" : true, \"S\" :
1, \"P\" : 0, \"T\" : \"2022-07-31T18:37:49.4361876Z\", \"C\" : \"\", \"Q\" : 10.0,
\"M\" : 0, \"F\" : 52, \"G\" : \"Opt\" }, { \"ID\" :
37, \"N\" : \"Microsoft.Office.Telemetry.Sampling.InsidersSampling\", \"V\" :
false, \"S\" : 11, \"P\" : 0, \"T\" : \"2022-07-
31T18:37:49.4361876Z\", \"C\" : \"\", \"Q\" : 7.0, \"M\" : 0, \"F\" :
52, \"G\" : \"Opt\" } ]"}

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy